Setting up ingress and HTTPS


These instructions replace the instructions in the outer-edge directory.

In our setup, we have multiple hubs running at one URL, e.g.:

To do this, we need to set up an ingress controller and also cert-manager for https certificates.

Install ingress controller

As recommended by the z2jh team, we use kubernetes/ingress-nginx. Following the ingress-nginx Helm installation instructions:

helm repo add ingress-nginx
helm repo update

kubectl create namespace ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx

Install cert-manager

Now we need a TLS certificate manager for https. Here, we again deviate from the z2jh documentation and use cert-manager rather than the (deprecated) kube-lego. Following the cert-manager installation guide, specifically the parts about installing with heml:

kubectl create namespace cert-manager
helm repo add jetstack
helm repo update

Then install the custom resource definitions (CRDs):

kubectl apply -f

And install the helm chart:

helm install cert-manager jetstack/cert-manager --namespace cert-manager  --version v1.1.0

Check the installation:

kubectl get pods --namespace cert-manager

Now you need to install a clusterIssuer resource (this is very poorly documented in the cert-manager docs, presumably because they assume their users know more about k8s than I do).

Create a cluster-issuer.yaml file based on the ACME template, with the following settings:


And create (and check) the clusterissuer:

kubectl create -f cluster-issuer.yaml
kubectl describe clusterissuer letsencrypt-prod

Put the cluster-issuer.yaml file in the cluster-config directory (for future reference).

Updating config.yaml

Add the following setup to you <hubname>.yaml file:

    type: ClusterIP

  baseUrl: /staginghub/

  enabled: true
  annotations: nginx 64m "letsencrypt-prod"
    - secretName: cert-manager-tls

Then upgrade helm:

helm upgrade --cleanup-on-fail <hubname> jupyterhub/jupyterhub --namespace <hubname> --version 0.10.6 --timeout 600s --debug -f hub-configs/<hubname>.yaml -f ../../secrets/<hubname>.yaml