DEV Community

Choonho Son
Choonho Son

Posted on • Updated on

Install cert-manager & Let's encrypt

Certification is one of critical security feature.

In Kubernetes, cert-manager is key role for certification management.

For cert-manager, there are only two steps.

  1. Install cert-manager by helm chart
  2. Configure Issuer

Installation

helm repo add jetstack https://charts.jetstack.io --force-update

helm repo update

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.crds.yaml

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.14.5
Enter fullscreen mode Exit fullscreen mode

Install Let's Encrypt Issuer

  • kind ClusterIssuer is global scope API, so you don't need any namespace.

File: clusterissuer.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer # I'm using ClusterIssuer here
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your-email-address>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx 
Enter fullscreen mode Exit fullscreen mode

Apply cluster issuer

kubectl apply -f clusterissuer.yaml
Enter fullscreen mode Exit fullscreen mode

Reference

https://cert-manager.io/docs/installation/helm/

Top comments (0)