Introduction
In this tutorial, we'll walk through the process of installing cert-manager on your Kubernetes cluster and configuring it to manage production-ready SSL/TLS certificates. cert-manager automates the issuance and renewal of certificates, making it a vital tool for ensuring your services are secure and up to date.
Prerequisites
Before we begin, ensure you have the following:
- A Kubernetes cluster up and running
- kubectl configured to interact with your cluster
- A domain name for which you want to issue certificates
Step 1: Install cert-manager
The first step is to add the Jetstack repository:
```bash
helm repo add jetstack https://charts.jetstack.io
helm repo update
```
Install cert-manager with its CRDs into your cluster:
```bash
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set installCRDs=true
```
Configure The Let's Encrypt Certificate Issuer
Create a YAML file named letsencrypt-production.yaml:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: example@domain.com
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - http01:
          ingress:
            class: nginx
```
Apply the letsencrypt-production.yaml:
```bash
kubectl apply -f letsencrypt-production.yaml
```
Obtain an HTTPS Certificate
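Save the following Ingress manifest as ingress.yaml. The cert-manager.io/cluster-issuer annotation tells cert-manager to request a certificate for the hosts listed under tls:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wordpress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress
                port:
                  number: 80
  tls:
    - hosts:
        - example.com
      # cert-manager stores the issued certificate and key in this Secret;
      # without secretName no certificate is requested. The name is an example.
      secretName: wordpress-tls
```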
Apply the updated Ingress resource:
```bash
kubectl apply -f ingress.yaml
```
Conclusion
Congratulations! You've successfully installed cert-manager and configured it to issue production-ready SSL/TLS certificates. This setup will automatically manage the renewal of your certificates, ensuring your services remain secure. Remember to monitor your cert-manager logs and resources to ensure smooth operation.
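One way to monitor the Certificate resources mentioned above, as an added example that is not part of the original tutorial: the script reads the JSON printed by `kubectl get certificates -A -o json` and reports certificates that are not Ready or are close to expiry. The sample input, the resource names in it, and the 21-day threshold are assumptions made for the illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of `kubectl get certificates -A -o json` output
# (illustrative only, not captured from a real cluster).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "wordpress-tls"},
     "status": {"notAfter": "2024-06-01T00:00:00Z",
                "conditions": [{"type": "Ready", "status": "True",
                                "reason": "Ready"}]}},
    {"metadata": {"namespace": "default", "name": "blog-tls"},
     "status": {"conditions": [{
         "type": "Ready", "status": "False", "reason": "DoesNotExist",
         "message": "Issuing certificate as Secret does not exist"}]}},
]})


def certificate_findings(kubectl_json, now, warn_days=21):
    """Return (namespace/name, problem) pairs for Certificates needing attention.

    warn_days is an assumed threshold: a Ready certificate with less time
    left than this suggests that automatic renewal is not succeeding.
    """
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        ref = f"{item['metadata']['namespace']}/{item['metadata']['name']}"
        status = item.get("status", {})
        ready = next((c for c in status.get("conditions", [])
                      if c.get("type") == "Ready"), None)
        if ready is None:
            findings.append((ref, "no Ready condition reported yet"))
        elif ready.get("status") != "True":
            detail = f"{ready.get('reason', 'unknown')}: {ready.get('message', '')}"
            findings.append((ref, "not Ready: " + detail.rstrip(": ")))
        elif "notAfter" not in status:
            findings.append((ref, "Ready but status.notAfter is missing"))
        else:
            expires = datetime.strptime(
                status["notAfter"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            if expires - now < timedelta(days=warn_days):
                days = (expires - now).days
                findings.append((ref, f"expires in {days} days; renewal may be failing"))
    return findings


if __name__ == "__main__":
    # Against a live cluster, pipe in the kubectl output instead of SAMPLE.
    for ref, problem in certificate_findings(SAMPLE, datetime.now(timezone.utc)):
        print(f"{ref}: {problem}")
```

For a certificate that shows up as not Ready, `kubectl describe certificate <name>` and the cert-manager pod logs give the underlying reason.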