project: Install cert-manager

Tags kubernetes
Hard Prerequisites
IMPORTANT: Please review these prerequisites, they include important information that will help you with this content.
  • K8S: Manual App Deployment – Project Overview
    • Soft Prerequisites
  • K8S: Start the Cluster & Install Helm

    • cert-manager is a Kubernetes Controller used to manage certificates. It will substitute the certbot we used on the previous chapters.

    Let’s install it using Helm:

    # adds the cert-manager Helm repository
helm repo add jetstack https://charts.jetstack.io

# updates the helm index
helm repo update

# installs cert-manager
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.13.2 \
  --set installCRDs=true \
  --set prometheus.enabled=false

    You will notice that the --set flags inject values into the Helm chart, customizing it. You can also run the template sub command to see what the manifest file looks like.

    # gets the Helm chart full YAML content
# massive output!
helm template jetstack/cert-manager

    Remember the umuzi-k8s GitHub repository? Let’s start using it again to keep track of the YAML files we will create to setup our Kubernetes Cluster.

    Create a file under k8s/cert-manager/ name issuer.yaml. Here we will define ClusterIssuer resource, which will communicate with Let’s Encrypt when we request a certificate later own.

    k8s/cert-manager/issuer.yaml

    apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    # replace with your own email
    email: <your-email>
    
    # secret resource that will be used to store the account's private key
    privateKeySecretRef:
      name: letsencrypt-prod    
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx

    On the EC2 instance, pull the changes from the repository and apply the file:

    # pull the changes
cd /home/ubuntu/umuzi-k8s
git pull

# applies the file
kubectl apply -f k8s/cert-manager/issuer.yaml

    Let’s take a look at what we have created:

    # gets the clusterissuers resources
kubectl get clusterissuer

# gets the namespaces
# see that we have a new one, `cert-manager`
kubectl get namespace

# gets the pods under the `cert-manager` namespace using the `-n flag
kubectl -n cert-manager get pods

# gets the pods under the `kube-system` namespace
kubectl -n kube-system get pods
    RAW CONTENT URL