Cert-manager Certificate Issuer

3/17/2021
Maxime Moreillon
KubernetesTutorials

Cert-manager Certificate Issuer

With cert-manager installed, SSL certificates can be automatically obtained for Ingresses deployed in a Kubernetes cluster. To achieve this, one must deploy the appropriate ClusterIssuers to the cluster. Here are example manifests to do so.

Production

# prod_issuer.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer # Maybe could make it just an issuer for individual apps
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: MY_EMAIL@gmail.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class:  nginx

Staging

# staging_issuer.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: MY_EMAIL@gmail.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class:  nginx