cert-manager helps with certificate management in Kubernetes cluster. When paired with Let’s Encrypt, it gives administrators and developers ability to “set and forget” the certificates. Since my goal is to publish some of the services to Internet, I will definitely want to automate all the mundane tasks regarding the certificates.
For installation there are some alternatives, of which I decided to use Helm chart. The commands are almost self-explanatory:
kubectl create namespace cert-manager helm repo add jetstack https://charts.jetstack.io && helm repo update helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.2.0 --set installCRDs=true kubectl apply -f letsencrypt-staging.yml kubectl apply -f letsencrypt-prod.yml
The last two files create the CAs inside the k8s cluster. They can be created with a templates like these.
After successful installation, you can test getting the certificate with a test app with these instructions.