I have a running k3s cluster with portainer and helm, and I just got cert-manager with letsencrypt set up as a ClusterIssuer.
Now I would like to enforce https and use the certificate I created for portainer:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: portainer-tls-secret
  namespace: portainer
spec:
  secretName: portainer-tls-secret
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - <redacted>
  commonName: portainer.k8s.mydomain.tld
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 4096
  usages:
    - server auth
    - client auth
  dnsNames:
    - portainer.k8s.mydomain.tld
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
    group: cert-manager.io
```
This works beautifully:
```
kubectl get Certificate --all-namespaces
NAMESPACE   NAME                   READY   SECRET                 AGE
portainer   portainer-tls-secret   True    portainer-tls-secret   11m
```
But according to the documentation I have to supply it with a parameter:
```
helm install -n portainer portainer portainer/portainer --set tls.existingSecret=portainer-tls-secret
```
(OR upload a single file using the settings, which I doubt very much will autorenew using cert-manager)
As I understand it, the --set <variablename>=<value> is for setting environment variables - can I just "deploy" it by running the helm chart? - even though it is not installed via helm:
```
$ helm upgrade -n portainer portainer portainer/portainer --set tls.existingSecret=portainer-tls-secret
Error: UPGRADE FAILED: "portainer" has no deployed releases
```
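A check worth running before pointing `tls.existingSecret` at the secret, as an added example that is not part of the original post: it confirms that the certificate cert-manager wrote covers the Portainer hostname and has more than the 360h `renewBefore` window left. The `check_tls_cert` helper is hypothetical and assumes `openssl` is installed; the secret name, namespace and hostname are the ones from the Certificate above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): validate the certificate PEM
# stored in a cert-manager TLS secret. Feed it from the cluster with:
#   kubectl get secret portainer-tls-secret -n portainer \
#     -o jsonpath='{.data.tls\.crt}' | base64 -d \
#     | check_tls_cert portainer.k8s.mydomain.tld

# check_tls_cert HOST [MIN_SECONDS_LEFT]   (hypothetical helper, PEM on stdin)
# Returns 0 if OK, 1 if unparsable, 2 on hostname mismatch, 3 if near expiry.
check_tls_cert() {
  local host="$1"
  local min_left="${2:-1296000}"   # 360h, the renewBefore value in the Certificate
  local pem
  pem="$(cat)"

  # Reject input that is not a parsable X.509 certificate.
  # tls.crt may hold a chain; openssl x509 reads the first (leaf) certificate.
  printf '%s\n' "$pem" | openssl x509 -noout 2>/dev/null \
    || { echo "not a certificate"; return 1; }

  # -checkhost compares HOST with the SAN dNSName entries (CN only as fallback).
  if ! printf '%s\n' "$pem" | openssl x509 -checkhost "$host" 2>/dev/null \
       | grep -q 'does match'; then
    echo "certificate does not cover $host"; return 2
  fi

  # -checkend exits non-zero when the certificate expires within the window,
  # which here would mean renewal is overdue or still in progress.
  if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend "$min_left" >/dev/null; then
    echo "certificate expires within ${min_left}s"; return 3
  fi

  echo "ok: $host, $(printf '%s\n' "$pem" | openssl x509 -noout -enddate)"
}
```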