Cert Manager
Cert Manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.
Post Installation
You have to create a ClusterIssuer to issue certificates. You can create a ClusterIssuer by following the steps below:
Go to CRD section inside the Cert Manager application and click on Create button.
in the create section, enter the name as letsencrypt-clusterissuer-prod and add the following yaml
Please replace the following values in the yaml:
| Value | Description |
|---|---|
| Your email address | |
| ingress.class | The ingress class that the ingress controller is using. You can find this by running kubectl get ingressclasses |
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# Email address used for ACME registration
email: your-email@example.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret to store the ACME account private key
name: letsencrypt-prod-account-key
solvers:
- http01:
ingress:
class: nginx # This is the ingress class that the ingress controller is using You can find this by running `kubectl get ingressclasses`You can create any number of ClusterIssuers based on your requirements. For more information on how to create a ClusterIssuer, you can refer to the Cert Manager Documentation (opens in a new tab).