I'm transitioning from ingress-nginx to Envoy Gateway and I'm facing a challenge. My previous setup allowed me to use fake certificates, and if I didn't specify TLS, it would automatically use self-signed certificates. This worked well since I manage DNS and SSL with Cloudflare as my front end. However, Envoy Gateway doesn't have this feature. I've heard a lot about cert-manager, but I'm not keen on using it. What other options do I have? Would it be feasible to manually generate certificates and rotate them once a year, or manage certificates with Terraform, even though that still requires some manual effort? Alternatively, could I just leave it on HTTP since my Cloudflare SSL handles the termination?
2 Answers
Honestly, I recommend giving cert-manager a try. It really simplifies the whole certificate management process and works like a charm. Why are you hesitant to use it?
I get that you might want to avoid cert-manager, but if you're only using Kubernetes in a homelab, tools like cert-manager really help. However, if you're looking for alternatives, you could set up the gcloud cert generator along with cert-manager using Let's Encrypt. Just curious, what’s your reason for not wanting to use cert-manager?
How did you end up setting up your homelab in the first place?