Automate the process of issuing public key certificates from multiple sources, ensuring they are valid, up to date, and renewed before expiration.
∘ Prepare
∘ Install
∘ Issuer
· Advanced
∘ Share Secrets between Namespaces
· Summary
Note: This post is a quick start guide for deploying and using cert-manager on a Kubernetes cluster.
Why do we need to worry about certificates? When a domain name such as my-website.domain.com is declared and addressed from an internal network and/or the public internet, the clients making the call (web browsers, internal services, containers, etc.) need to check its validity. To do that, the domain name should have a certificate that is issued and trusted to operate securely.
Why do we need a certificate manager? Certificates have an expiration date, which means they have to be renewed. This can be a cumbersome task when there are many certificates to handle. This is why cert-manager exists: to help with issuing certificates from a variety of sources, such as Let’s Encrypt, a simple signing key pair, or self-signed. It ensures certificates are valid and up to date, and attempts to renew them at a configured time before expiry.
Note: The domain referenced in this post is MY_DOMAIN; please change it accordingly. If you are interested in a local-only work mode, you don’t have to pay for a new domain; just decide on a name and use it. For example, if your desired domain is homelab.com, replace MY_DOMAIN with homelab.