cert-manager
cert-manager is an automation tool to manage and issue TLS certificates from various issuing resources in a Kubernetes native way. It ensures that certificates are valid and attempts to renew them before expiry.
This package deploys cert-manager to be used with Let's Encrypt as the Certificate Authority.
Requirements
- Kubernetes
1.23->1.28 - Kustomize >=
v3.5.3
Image repository and tag
- Cert Manager image:
quay.io/jetstack/cert-manager-controller:v1.14.2 - Cert Manager repo: https://github.com/jetstack/cert-manager
- Cert Manager documentation: https://cert-manager.io/docs/
Configuration
cert-manager is deployed with the following configuration:
- The default issuer kind is
ClusterIssuer - The default issuer is
letsencrypt
Deployment
To deploy the cert-manager package:
- Add the package to your bases inside the
Furyfile.yml:
resources:
- name: ingress/dual-nginx
version: "v2.3.3"
- name: ingress/cert-manager
version: "v2.3.3"
-
Execute
furyctl legacy vendor -Hto download the packages -
Inspect the download packages under
./vendor/katalog/ingress/cert-manager. -
Define a
kustomization.yamlthat includes the./vendor/katalog/ingress/cert-managerdirectory as resource.resources:
- ./vendor/katalog/ingress/cert-managerFor the
dual-nginxyou will need to patch theClusterIssuerresource with the right ingress class:---
patchesJson6902:
- target:
group: cert-manager.io
version: v1
kind: ClusterIssuer
name: letsencrypt-staging
path: patches/dual-nginx.yml
- target:
group: cert-manager.io
version: v1
kind: ClusterIssuer
name: letsencrypt-prod
path: patches/dual-nginx.ymland in the
patches/dual-nginx.yml:---
- op: "replace"
path: "/spec/acme/solvers/0/http01/ingress/class"
value: "external" -
Finally, execute the following command to deploy the package:
kustomize build . | kubectl apply -f -