Automatic renewal of TLS certificates for load balancers in Kubernetes

Secure web traffic over the HTTPS protocol is a must-have, but not something you want to spend too much time on. It should simply work and maintain itself from there on. However, this is not always as straightforward as it sounds. This blog post shows how to build a fully automated architecture for requesting, renewing and deploying certificates into an HTTPS load balancer. The principles presented should be technology-agnostic, but for a working example we will use Google Kubernetes Engine with cert-manager for certificate handling, along with the Traefik load balancer.

The full setup is available in the GitHub repository, traefik-tls-auto-renewal, with two tags: one for Traefik v1.7 compatibility, and one for Traefik v2.9.