How to use cert-manager to secure your applications in Kubernetes

Published 28.03.2021

Author Fabian Peter

Categories Engineering


If you’re running microservices in Kubernetes, chances are good you need to expose some of them for public access, secured with TLS.

In Kubernetes, cert-manager handles certificate management for us. Most prominently, when configured correctly, it acquires free SSL certificates from Let's Encrypt for our Ingress resources.

Install cert-manager to your Kubernetes cluster

We’re using Helm to install cert-manager into our Kubernetes cluster. The steps are taken from the official documentation.

kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v1.2.0 \
  --create-namespace \
  --set installCRDs=true

Create certificate issuers

To issue certificates from Let's Encrypt, cert-manager needs to be configured. We need to add so-called Issuers (or ClusterIssuers) to our Kubernetes cluster that configure the integration with Let's Encrypt.

Create a file called le-issuers.yml and add the following content to it:

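# Staging issuer: use it to test the setup.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  # ClusterIssuers are cluster-scoped, so this field has no effect.
  namespace: "cert-manager"
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: "you@example.com"
    # Secret that stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            class: nginx
---
# Production issuer.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  # ClusterIssuers are cluster-scoped, so this field has no effect.
  namespace: "cert-manager"
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: "info@example.com"
    # Secret that stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx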

Apply the changes to your Kubernetes cluster by running the following command:

kubectl --namespace cert-manager apply -f le-issuers.yml

This will create 2 ClusterIssuers (they can be referenced from any namespace) you can invoke to create certificates for your ingress objects. This configuration assumes you’re using nginx as your ingress router – learn how to install nginx in your Kubernetes cluster here:
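An Ingress that requests its certificate from one of these ClusterIssuers could look like the following. This is an added example, not part of the original post; the hostname app.example.com, the Service my-app and the Secret my-app-tls are placeholders, and the ingress class annotation assumes the nginx controller named in the solver above.

```yaml
# Added example: names, hostname and namespace are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  namespace: default
  annotations:
    # Must match the ingress class used by the http01 solver in le-issuers.yml.
    kubernetes.io/ingress.class: nginx
    # Selects the ClusterIssuer. The staging issuer hands out certificates
    # that browsers do not trust, which makes it the safe place to test;
    # change the value to letsencrypt-prod once issuance works.
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
    - hosts:
        - app.example.com
      # cert-manager creates this Secret and writes the certificate and
      # its private key into it; restrict read access to it via RBAC.
      secretName: my-app-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
```

After applying the manifest, `kubectl get certificate --namespace default` shows whether the certificate has become ready.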
