How to use cert-manager to secure your applications in Kubernetes

by | 28.03.2021 | Engineering

If you’re running microservices in Kubernetes, chances are good you need to expose some of them for public access, secured with TLS.

In Kubernetes, cert-manager handles certificate management for us. Most prominently, when configured correctly, it acquires free TLS certificates from Let’s Encrypt for our ingress resources.

Install cert-manager to your Kubernetes cluster

We’re using Helm to install cert-manager into our Kubernetes cluster. The steps are taken from the official documentation.

kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v1.2.0 \
  --create-namespace \
  --set installCRDs=true

Create certificate issuers

To issue certificates from Let’s Encrypt, cert-manager needs to be configured. We need to add so-called Issuers (or ClusterIssuers) to our Kubernetes cluster that configure the integration with Let’s Encrypt.

Create a file called le-issuers.yml and add the following content to it:

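apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
    # ClusterIssuers are cluster-scoped, so metadata.namespace is not set
    name: letsencrypt-staging
spec:
    acme:
      # Let's Encrypt staging endpoint: for testing, issues untrusted certificates
      server: https://acme-staging-v02.api.letsencrypt.org/directory
      email: "you@example.com"
      # Secret that stores the ACME account private key
      privateKeySecretRef:
        name: letsencrypt-staging
      solvers:
        # Solve HTTP-01 challenges through the nginx ingress controller
        - http01:
            ingress:
              class: nginx
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
    name: letsencrypt-prod
spec:
    acme:
      # Let's Encrypt production endpoint: issues publicly trusted certificates
      server: https://acme-v02.api.letsencrypt.org/directory
      email: "info@example.com"
      # Secret that stores the ACME account private key
      privateKeySecretRef:
        name: letsencrypt-prod
      solvers:
        - http01:
            ingress:
              class: nginx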

Apply the changes to your Kubernetes cluster by running the following command:

kubectl --namespace cert-manager apply -f le-issuers.yml

This will create two ClusterIssuers. Because ClusterIssuers are cluster-scoped, they can be referenced from any namespace to create certificates for your ingress objects. This configuration assumes you’re using nginx as your ingress router – learn how to install nginx in your Kubernetes cluster here:
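As an added example (not part of the original post), this is an Ingress that requests a certificate from the letsencrypt-staging ClusterIssuer defined above. The names my-app, app.example.com and app-example-com-tls and the default namespace are placeholders, and the manifest assumes a cluster that serves the networking.k8s.io/v1 Ingress API (Kubernetes 1.19 or later).

```yaml
# Added example: my-app, app.example.com and app-example-com-tls are placeholder names.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  namespace: default
  annotations:
    # Same ingress class as the solver's "class: nginx" in the ClusterIssuer,
    # so one controller serves both the application and the HTTP-01 challenge.
    kubernetes.io/ingress.class: nginx
    # Tells cert-manager which ClusterIssuer to use for this Ingress.
    # Start with staging; switch to letsencrypt-prod once issuance works.
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
    - hosts:
        - app.example.com
      # cert-manager creates this Secret and stores the certificate and key in it.
      secretName: app-example-com-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
```

Staging certificates are not trusted by browsers, and testing against staging keeps failed attempts from counting against the production rate limits. Once kubectl get certificate --namespace default shows the certificate as READY, change the annotation to letsencrypt-prod to get a publicly trusted certificate.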
