Introduction
In this tutorial, we'll walk through the process of installing cert-manager on your Kubernetes cluster and configuring it to manage production-ready SSL/TLS certificates. cert-manager automates the issuance and renewal of certificates, making it a vital tool for ensuring your services are secure and up to date.
Prerequisites
Before we begin, ensure you have the following:
- A Kubernetes cluster up and running
- kubectl configured to interact with your cluster
- A domain name for which you want to issue certificates
Step 1: Install cert-manager
The first step is to add the Jetstack Helm repository:
helm repo add jetstack https://charts.jetstack.io
helm repo update
Install cert-manager with its CRDs into your cluster:
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
Configure The Let's Encrypt Certificate Issuer
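Create a YAML file named letsencrypt-production.yaml:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    # Replace with your own address
    email: example@domain.com
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      # Answer HTTP-01 challenges through the nginx ingress controller
      - http01:
          ingress:
            class: nginx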
Apply the letsencrypt-production.yaml:
kubectl apply -f letsencrypt-production.yaml
Obtain an HTTPS Certificate
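# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wordpress
  annotations:
    kubernetes.io/ingress.class: nginx
    # Tells cert-manager which issuer to use for the hosts under tls
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress
                port:
                  number: 80
  tls:
    - hosts:
        - example.com
      # Secret cert-manager writes the issued certificate to; it is required
      # for issuance, and the name wordpress-tls is chosen here as an example
      secretName: wordpress-tls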
Apply the updated Ingress resource:
kubectl apply -f ingress.yaml
Conclusion
Congratulations! You've successfully installed cert-manager and configured it to issue production-ready SSL/TLS certificates. This setup will automatically manage the renewal of your certificates, ensuring your services remain secure. Remember to monitor your cert-manager logs and resources to ensure smooth operation.
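One way to act on the monitoring advice above, as an added example that is not part of the original tutorial: the script reads the JSON produced by `kubectl get certificates -A -o json` and reports every Certificate that is not Ready or that expires within 14 days. The file name `check_certs.py`, the function names, the 14-day threshold and the sample data are assumptions made for this example.

```python
import json
import sys
from datetime import datetime, timedelta, timezone


def parse_time(value):
    # cert-manager records RFC 3339 UTC timestamps such as 2025-03-01T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_certificates(cert_list, now, warn_days=14):
    """Return (namespace/name, problem) tuples for a CertificateList dict."""
    findings = []
    for item in cert_list.get("items", []):
        meta, status = item["metadata"], item.get("status", {})
        name = f'{meta.get("namespace", "default")}/{meta["name"]}'
        conds = status.get("conditions", [])
        ready = next((c for c in conds if c.get("type") == "Ready"), None)
        if ready is None or ready.get("status") != "True":
            reason = ready.get("reason", "Unknown") if ready else "NoReadyCondition"
            findings.append((name, f"not ready: {reason}"))
            continue
        not_after = status.get("notAfter")
        if not_after is None:
            findings.append((name, "ready but no notAfter recorded"))
        elif parse_time(not_after) - now < timedelta(days=warn_days):
            findings.append((name, f"expires {not_after}"))
    return findings


# Constructed sample in the shape of `kubectl get certificates -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "wordpress-tls"},
     "status": {"conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}],
                "notAfter": "2025-06-01T00:00:00Z"}},
    {"metadata": {"namespace": "default", "name": "blog-tls"},
     "status": {"conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}],
                "notAfter": "2025-03-10T00:00:00Z"}},
    {"metadata": {"namespace": "shop", "name": "shop-tls"},
     "status": {"conditions": [{"type": "Ready", "status": "False", "reason": "DoesNotExist"}]}},
]}
SAMPLE_NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)  # fixed clock for the sample

if __name__ == "__main__":
    # Live use: kubectl get certificates -A -o json > certs.json; python3 check_certs.py certs.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            data, now = json.load(f), datetime.now(timezone.utc)
    else:
        data, now = SAMPLE, SAMPLE_NOW
    for name, problem in check_certificates(data, now):
        print(f"{name}: {problem}")
```

For a Certificate that is reported as not ready, `kubectl describe certificate <name>` shows the events behind the condition.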