How to provision SSL certificates with cert-manager?

Michel Betancourt
nemobile
3 min read · Jun 27, 2019

Hi, today I'm going to talk about how you can configure a Kubernetes cluster to generate and automatically renew SSL certificates in a "configure and forget" style, so once you have finished reading and followed the steps you won't have to worry about your certificates ever again 😎.

Requirements:

  • Kubernetes
  • Kubectl
  • Helm
  • Ingress Controller

Configuring your PC

It is assumed that you already have a Kubernetes cluster running and an Ingress Controller already configured; this example assumes that GKE is used.

To follow this tutorial you need kubectl installed and working. In my case I use an Arch Linux-based distribution, so it is enough to run sudo pacman -Syu kubectl in a terminal. If you have another distribution or use Windows, you can use the following link to install it: Kubectl.

The next step is to install Helm, the "package manager" of Kubernetes. For that we download its installer script with the following command (review the script before running it):

curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh

Again, if you can't or have problems with your OS, you can use the following link: Helm. Once Helm is installed locally, it also has to be installed in the cluster; for that, run helm init. With this we conclude the installation of Helm.

The next thing on the list is to add the jetstack repository (where cert-manager lives), which is as simple as running

helm repo add jetstack https://charts.jetstack.io

Installing Cert Manager

Once the Helm steps are completed, we move on to the next phase, which is installing cert-manager. We will do it from the jetstack repository; for that we run in the terminal

helm install --name cert-manager --namespace cert-manager --set ingressShim.defaultIssuerName=letsencrypt-prod --set ingressShim.defaultIssuerKind=ClusterIssuer jetstack/cert-manager

When the command finishes, it will show output similar to

[Image: cert-manager installed successfully]

Then we can run kubectl get crd to check that Cert Manager CRDs were created

[Image: Custom Resource Definitions (CRDs)]

The next step is to generate a ClusterIssuer that allows you to create the certificates. For that we will create one that uses the Let's Encrypt service.

We copy the above content into a file and, in the terminal, execute kubectl create -n cert-manager -f filename. And voilà: after executing the command, cert-manager is installed and configured. Keep in mind that Let's Encrypt enforces request limits: this is the production server and it has strong restrictions, so if you want to use it for testing I recommend using the Staging server, which has fewer limits. For more information, see Here.

Ok .. and now how do I use it?

Simple: you just need to create an Ingress and, in its annotations, place kubernetes.io/tls-acme: "true". Besides that, the Ingress has to be configured to use TLS and to name a secret in which the certificate will be saved (the secret does not need to exist beforehand; cert-manager creates it automatically), and you have certificates and renewals without effort.
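
A ClusterIssuer and an Ingress of the kind described above, as an added example that is not the author's original manifests. It assumes the current cert-manager.io/v1 and networking.k8s.io/v1 APIs (cert-manager releases from 2019 used certmanager.k8s.io/v1alpha1), an nginx ingress class, and placeholder e-mail, host and resource names.

```yaml
# Added example, not the author's manifests. Assumptions: current API
# versions, an "nginx" ingress class, placeholder e-mail/host/resource names.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod            # must match ingressShim.defaultIssuerName
spec:
  acme:
    # Production endpoint (strict rate limits). While testing, point this at
    # staging: https://acme-staging-v02.api.letsencrypt.org/directory
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com        # placeholder contact address
    privateKeySecretRef:
      # Secret holding the ACME account private key; created by cert-manager.
      name: letsencrypt-prod-account-key
    solvers:
      - http01:
          ingress:
            class: nginx            # assumption: your controller's class
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app                 # placeholder
  annotations:
    # Tells ingress-shim to request a certificate from the default issuer.
    kubernetes.io/tls-acme: "true"
spec:
  ingressClassName: nginx           # assumption: your controller's class
  tls:
    - hosts:
        - app.example.com           # placeholder host
      secretName: example-app-tls   # need not exist; cert-manager creates it
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app   # placeholder Service
                port:
                  number: 80
```

Restrict read access to both Secrets with RBAC: one holds the ACME account key and the other the TLS private key for the host.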

If you want you can follow me on Twitter, I usually publish content related to development, technology and games. Goodbye ..👋