cert-manager
Deploys cert-manager with Bitnami’s Helm chart to generate TLS certificates, and provides helpers to register ClusterIssuers (LetsEncrypt and mkcert).
Usage with Kubernetes
Read k8s-install.sh, then run:
bash k8s-install.sh
Follow the instructions, which provide links to the documentation for configuring Issuers, ClusterIssuers and Ingress resources.
ClusterIssuer examples
mkcert
See cluster-issuer/mkcert.sh to create a “mkcert” ClusterIssuer:
bash cluster-issuer/mkcert.sh
LetsEncrypt HTTP01
See cluster-issuer/letsencrypt-http.sh to create a “letsencrypt-http” ClusterIssuer:
bash cluster-issuer/letsencrypt-http.sh <CONTACT_EMAIL>
LetsEncrypt DNS01
See cluster-issuer/letsencrypt-cloudflare.sh to create a “letsencrypt-cloudflare” ClusterIssuer:
export CLOUDFLARE_EMAIL=...
export CLOUDFLARE_API_KEY=...
bash cluster-issuer/letsencrypt-cloudflare.sh
Ingress example
See whoami/k8s-install.sh:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  annotations:
    cert-manager.io/cluster-issuer: "mkcert"
spec:
  ingressClassName: nginx
  rules:
  - host: whoami.dev.localhost
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: whoami
            port:
              number: 80
  tls:
  - hosts:
    - whoami.dev.localhost
    secretName: whoami-cert
Troubleshooting
# follow controller's logs
kubectl -n cert-manager logs $(kubectl -n cert-manager get pods -l app.kubernetes.io/component=controller -o name) -f