Skip to content

Cert-manager

Cert-manager is a tool to automatically provision and manage TLS certificates in Kubernetes.

Github repository

Getting Started

  • install helm repository 

    helm repo add jetstack https://charts.jetstack.io
helm repo update

  • create cert-manager namespace 

    kubectl create namespace cert-manager

  • install cert-manager plugin for kubectl 

    curl -L -o kubectl-cert-manager.tar.gz https://github.com/jetstack/cert-manager/releases/download/v1.2.0/kubectl-cert_manager-linux-amd64.tar.gz
tar -zxvf kubectl-cert-manager.tar.gz
sudo install -m 755 kubectl-cert_manager /usr/local/bin/kubectl-cert_manager

  • install helm Chart 

    helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.2.0 --create-namespace --set installCRDs=true

  • get all resources in cert-manager namespace 

    kubectl get all -n cert-manager -o wide

Cert-manager Issuer

Self-signed

  • create cert-manager self-signed issuer 
    kubectl apply -f self-signed-issuer.yaml

Securing NGINX Ingress Controller with Let's Encrypt

  • install NGINX Ingress Controller and assign a DNS name to the ingress-controller external IP

  • deploy a service 

    kubectl apply -f deployment.yaml

  • deploy cert-manager

  • create cert-manager staging let's encrypt issuer 

    kubectl apply -f staging-issuer.yaml

  • create cert-manager production let's encrypt issuer 

    kubectl apply -f production-issuer.yaml

  • deploy a TLS ingress resource 

    kubectl apply -f ingress-tls.yaml