Setup TLS Certificate Management in Kubernetes with Cert-Manager using Helm

By /

Introduction:

In the realm of Kubernetes, managing SSL/TLS certificates can be a daunting task, especially as your infrastructure scales. Handling certificate issuance, renewal, and rotation across various services and applications requires precision and automation. This is where cert-manager, a popular Kubernetes certificate management controller, comes into play. In this guide, we’ll explore how to leverage cert-manager along with Helm, Kubernetes’ package manager, to streamline certificate management within your cluster.

What is cert-manager?

Cert-manager is a Kubernetes add-on that simplifies the process of managing X.509 certificates. It automates the issuance, renewal, and revocation of certificates, integrating seamlessly with various certificate authorities (CAs) such as Let’s Encrypt, Venafi, and more. Cert-manager utilizes Custom Resource Definitions (CRDs) to define certificate configurations, making it easy to manage certificates as Kubernetes resources.

Why Use Helm?

Helm is Kubernetes’ package manager, allowing you to define, install, and manage Kubernetes applications using pre-configured package charts. Leveraging Helm simplifies the deployment and management of complex applications, reducing manual intervention and ensuring consistency across environments. Integrating cert-manager with Helm further streamlines the certificate management process, enabling you to define certificate configurations alongside your application deployments.

Installing cert-manager with Helm

To begin, ensure you have Helm installed in your Kubernetes cluster. Once Helm is set up, follow these steps to install cert-manager:

1. Add cert-manager Helm repository:
helm repo add jetstack https://charts.jetstack.io
helm repo update
2. Install cert-manager:

helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.3 --set installCRDs=true
3. After Verify Cert-Manager Installation:
kubectl get pods --namespace cert-manager
4. Define a ClusterIssuer:

Next, let’s define a ClusterIssuer resource to specify how Cert-Manager should obtain TLS certificates. We’ll use Let’s Encrypt as the certificate issuer in this example.


Create a file named cluster-issuer.yaml with the following content:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx

Apply the ClusterIssuer to your cluster:

kubectl apply -f cluster-issuer.yaml
5. Define a Certificate Resource:

Now, let’s define a Certificate resource to request a TLS certificate for your domain.

Create a file named certificate.yaml with the following content:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com
  namespace: default
spec:
  secretName: example-com-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - example.com

Apply the Certificate to your cluster:

kubectl apply -f certificate.yaml

Look for the Status section to see if the certificate has been issued and stored in the specified Secret (example-com-tls).

Conclusion:

Congratulations! You’ve successfully installed Cert-Manager in your Kubernetes cluster and obtained a TLS certificate for your domain. With Cert-Manager, you can automate the management of TLS certificates, ensuring secure communication for your applications effortlessly.

Leave a Comment

Your email address will not be published. Required fields are marked *

VavenSoft ' advanced technologies are assembled to provide new opportunities for our clients. We ensure that cutting-edge technology for cooperative objectives will be made available.

Facebook-f Linkedin Twitter
Quick Links
Get In Touch

© 2024 All Rights Reserved.

Scroll to Top