cert-manager is an automation tool to manage and issue TLS certificates from various issuing resources in a Kubernetes native way. It ensures that certificates are valid and attempts to renew them before expiry.
This package deploys cert-manager to be used with Let's Encrypt as the Certificate Authority.
- Kubernetes `1.23` -> `1.28`
- Kustomize >= `v3.5.3`
- Cert Manager image: `quay.io/jetstack/cert-manager-controller:v1.16.1`
- Cert Manager repo: https://github.com/jetstack/cert-manager
- Cert Manager documentation: https://cert-manager.io/docs/
`cert-manager` is deployed with the following configuration:
- The default issuer kind is `ClusterIssuer`
- The default issuer is `letsencrypt`
To deploy the `cert-manager` package:
- Add the package to your bases inside the `Furyfile.yml`:

  ```yaml
  resources:
    - name: ingress/dual-nginx
      version: "v3.0.1"
    - name: ingress/cert-manager
      version: "v3.0.1"
  ```

- Execute `furyctl legacy vendor -H` to download the packages.
- Inspect the downloaded packages under `./vendor/katalog/ingress/cert-manager`.
- Define a `kustomization.yaml` that includes the `./vendor/katalog/ingress/cert-manager` directory as a resource:

  ```yaml
  resources:
    - ./vendor/katalog/ingress/cert-manager
  ```

  For `dual-nginx`, you will need to patch the `ClusterIssuer` resource with the right ingress class:

  ```yaml
  ---
  patchesJson6902:
    - target:
        group: cert-manager.io
        version: v1
        kind: ClusterIssuer
        name: letsencrypt-staging
      path: patches/dual-nginx.yml
    - target:
        group: cert-manager.io
        version: v1
        kind: ClusterIssuer
        name: letsencrypt-prod
      path: patches/dual-nginx.yml
  ```

  and in `patches/dual-nginx.yml`:

  ```yaml
  ---
  - op: "replace"
    path: "/spec/acme/solvers/0/http01/ingress/class"
    value: "external"
  ```

- Finally, execute the following command to deploy the package:

  ```bash
  kustomize build . | kubectl apply -f -
  ```
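
The `replace` operation in `patches/dual-nginx.yml` follows RFC 6902, which requires the target location to already exist. The following is an added example, not part of this package: it applies that operation to constructed `ClusterIssuer` skeletons (the `nginx` class value and the `ingressClassName` variant are assumptions, not the vendored manifests) to show both the expected result and the failure when the solver has no `class` field.

```python
import copy

# The operation from patches/dual-nginx.yml on this page.
DUAL_NGINX_PATCH = [{
    "op": "replace",
    "path": "/spec/acme/solvers/0/http01/ingress/class",
    "value": "external",
}]

def apply_replace(doc, patch):
    """Return a patched copy of doc; raise LookupError if a target is missing."""
    out = copy.deepcopy(doc)
    for op in patch:
        if op["op"] != "replace":
            raise ValueError("only 'replace' is supported here")
        # Split the JSON Pointer (RFC 6901) and undo its ~1 and ~0 escapes.
        tokens = [t.replace("~1", "/").replace("~0", "~")
                  for t in op["path"].split("/")[1:]]
        *parents, last = tokens
        node = out
        try:
            for t in parents:
                node = node[int(t)] if isinstance(node, list) else node[t]
            key = int(last) if isinstance(node, list) else last
            node[key]  # "replace" requires the target location to exist
        except (KeyError, IndexError, ValueError, TypeError) as exc:
            raise LookupError(f"missing target {op['path']}") from exc
        node[key] = op["value"]
    return out

def issuer(name, ingress):
    """Constructed ClusterIssuer skeleton, not the vendored manifest."""
    return {"apiVersion": "cert-manager.io/v1", "kind": "ClusterIssuer",
            "metadata": {"name": name},
            "spec": {"acme": {"solvers": [{"http01": {"ingress": ingress}}]}}}

def solver_class(doc):
    """Ingress class of the first HTTP-01 solver, or None if unset."""
    return doc["spec"]["acme"]["solvers"][0]["http01"]["ingress"].get("class")

if __name__ == "__main__":
    for name in ("letsencrypt-staging", "letsencrypt-prod"):
        patched = apply_replace(issuer(name, {"class": "nginx"}), DUAL_NGINX_PATCH)
        print(name, "->", solver_class(patched))
    try:
        # Constructed variant: solver sets ingressClassName and has no class.
        apply_replace(issuer("no-class", {"ingressClassName": "nginx"}),
                      DUAL_NGINX_PATCH)
    except LookupError as err:
        print("patch rejected:", err)
```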
For license details please see LICENSE.