Certification is one of critical security feature.
In Kubernetes, cert-manager is key role for certification management.
For cert-manager, there are only two steps.
- Install cert-manager by helm chart
- Configure Issuer
Installation
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.crds.yaml
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.14.5
Install Let's Encrypt Issuer
- kind ClusterIssuer is global scope API, so you don't need any namespace.
File: clusterissuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer # I'm using ClusterIssuer here
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <your-email-address>
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
Apply cluster issuer
kubectl apply -f clusterissuer.yaml
Top comments (0)