DEV Community

farhanaliali
farhanaliali

Posted on

Step-by-Step Guide: Installing cert-manager and Configuring Production Certificates

Introduction

In this tutorial, we'll walk through the process of installing cert-manager on your Kubernetes cluster and configuring it to manage production-ready SSL/TLS certificates. cert-manager automates the issuance and renewal of certificates, making it a vital tool for ensuring your services are secure and up to date.

Prerequisites

Before we begin, ensure you have the following:

  • A Kubernetes cluster up and running
  • kubectl configured to interact with your cluster
  • A domain name for which you want to issue certificates

Step 1: Install cert-manager

The first step is to add the Jetstack repository:

helm repo add jetstack https://charts.jetstack.io
helm repo update
Enter fullscreen mode Exit fullscreen mode

Install Cert-Manager with CRDs into your cluster

helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
Enter fullscreen mode Exit fullscreen mode

Configure The Let's Encrypt Certificate Issuer

Create a YAML file named letsencrypt-production.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
    name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: example@domain.com
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - http01:
          ingress:
            class: nginx
Enter fullscreen mode Exit fullscreen mode

Apply the letsencrypt-production.yaml:

    kubectl apply -f letsencrypt-production.yaml
Enter fullscreen mode Exit fullscreen mode

Obtain an HTTPS Certificate

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wordpress
annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
                name: wordpress
                port:
                number: 80
tls:
 - hosts:
   - example.com
Enter fullscreen mode Exit fullscreen mode

Apply the updated Ingress resource:

    kubectl apply -f ingress.yaml
Enter fullscreen mode Exit fullscreen mode




Conclusion

Congratulations! You've successfully installed cert-manager and configured it to issue production-ready SSL/TLS certificates. This setup will automatically manage the renewal of your certificates, ensuring your services remain secure. Remember to monitor your cert-manager logs and resources to ensure smooth operation.

Top comments (0)