prerequisites

Repository main goal is to get reused by author and, maybe, by people who find it useful. Currently author's setup is baremetal home server with k3s installed on it. So whole repository for sure works on k3s if folow installation guide below.
As result of effort done you gonna get launched instance of application, with domain you configure and ssl above it

installation

• Get the repo files, place them whenever it needed
• (optional) change namespace
  for handiness namespace in repo is "appnamespace", so it can be replaced in any comfortable way by mass replace. If you want use default one - just remove namespace from every manifest from metadata.
  Keep in mind if you change namespace you will have to tweak accordingly some commands below
• (optional) change name
  same as with namespace app name in repo "appname". same can be replaced by mass replace
• apply namespace by kubectl create namespace appnamespace
  heads up in here. if you changed namespace - tweak command accordingly
• (optional) do docker login
• kubectl create secret generic dockerhub-secret --from-file=.dockerconfigjson={yourPath}/.docker/config.json --type=kubernetes.io/dockerconfigjson --namespace=appnamespace
• kubectl apply -f deployment.yaml
  make sure it works (get pods) - if not, something of previos was done wrong. If error with image pull, cause no latest tag expected in your set up you may fix it by optional commands below
• (optional) `kubectl -n appnamespace set image deployment/appname nginx={repo}:{tag}
• (optional) `kubectl -n appnamespace set image deployment/appname php={repo}:{tag}
• kubectl apply -f service.yaml
• edit issuer.yaml by placing your mail in placeholder
• (optional if https) kubectl apply -f issuer.yaml
• (optional if https) uncomment tls section in ingress.yaml
• (optional if https) Enabling X-Forwarded-Proto: https custom headerkubectl apply -f middleware.yaml
• (optional if https) enabling force https redirect kubectl apply -f https-middleware.yaml
• (optional if https) if applied any (or both) middleware uncomment desired it in ingress.yaml
• edit ingress.yaml by replacing placeholders of domain in there to preferred one
• kubectl apply -f ingress.yaml
• After everything done need to assure that certificate is fine by kubectl -n appnamespace get cert to see its True under READY. If not wait ~5 min, recheck and if still not refer to troubleshooting url below
• If previous step is fine need to edit issuer.yaml by removing server and uncommenting #server. Reapply issuer and ingress.
  Personally I did remove secrets by kubectl -n appnamespace delete secret/ingress-secret and kubectl -n appnamespace delete secret/issuer-secret
• Enjoy your service with https configured
• (optional) If you use secrets do cp secrets.yaml.dist secrets.yaml and fill data by any secrets you want to use, according to manual. For those who read diagonally (as i do):
  • keep in mind that secrets have to be base64-encoded strings.
  • To apply them here's example how to
    Do not forget to kubectl apply -f secrets.yaml
• (optional) if you apply secrets you may apply (as i do) them as env variables in container. check deployment.yaml, uncomment and tweak according to own needs example in there, reapply deployment

knowledge sources

• https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
• https://cert-manager.io/docs/troubleshooting/acme/
• https://kubernetes.io/docs/concepts/configuration/secret/