Install cert-manager for Kubernetes
Learn how to install cert-manager using the glasskube package manager.
Prerequisites
- Kubernetes cluster (You can easily create a local cluster by using Minikube)
kubectlis strictly speaking no dependency for installing packages via glasskube, but it is the recommended way to interact with the cluster. Therefore, it is highly recommended. Installation instructions are available for macOS, Linux and Windows.
About cert-manager
Cert-Manager is a widely used tool for managing certificates, specifically made for Kubernetes. It simplifies the process of getting, renewing, and using SSL/TLS certificates. Cert-Manager can interact with different certificate authorities (Issuer) such as Let's Encrypt, and it can automatically issue valid certificates. Additionally, it can handle the automatic renewal of certificates before they expire.
These certificates can then be used by various applications like ingress controllers or deployments.
Installation
Installing cert-manager can easily be achieved with the Glasskube package manager.
Install Glasskube
If you already installed glasskube you can skip this step.
If not, glasskube can easily be installed the way you usually install packages for your operating system.
- macOS
- Linux
- Windows
- NixOS/Nixpgks
On macOS, you can use Homebrew to install and update Glasskube.
brew install glasskube/tap/glasskube
You can install Glasskube using one of the package managers below.
RPM-based installation (RedHat/CentOS/Fedora)
dnf install https://releases.dl.glasskube.dev/glasskube_v0.4.0_amd64.rpm
DEB-based installation (Ubuntu/Debian)
curl -LO https://releases.dl.glasskube.dev/glasskube_v0.4.0_amd64.deb
sudo dpkg -i glasskube_v0.4.0_amd64.deb
APK-based installation (Alpine)
curl -LO https://releases.dl.glasskube.dev/glasskube_v0.4.0_amd64.apk
apk add glasskube.apk
If you are using a distribution that does not use one of the package managers above, or require a 32-bit binary, check out additional download options attached to our latest release.
Download the windows archive from our latest Release and unpack it using Windows Explorer.
You can either use the package temporarily in a nix-shell:
nix-shell -p glasskube
Or install it globally by adding pkgs.glasskube to your environment.systemPackages.
After installing Glasskube on your local machine, make sure to install the necessary components in your Kubernetes cluster by running glasskube bootstrap.
For more information, check out our bootstrap guide.
Install cert-manager
- GUI 🖥️
- CLI 🧑💻
Start the UI via the command line:
glasskube serve
Install cert-manager via the Glasskube UI.
A package can be installed with a simple command.
glasskube install cert-manager
The process will wait until the package got successfully installed.
Configuring cert-manager
Before cert-manager can issue certificates an Issuer or (ClusterIssuer) needs to be created so cert-manager knows which
certificate authority (CA) should sign the public key of the certificate.
In this example we showcase the use of the production acme server. Fore testing purposes letsencrypt recommend the staging environment which has higher rate limits, than the production server.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: you@yourcorp.com # you will receive expiration warnings via this email
privateKeySecretRef:
name: letsencrypt
solvers:
- http01:
ingress:
class: nginx # requires ingress-nginx controller
The ClusterIssuer must be created as a Kubernetes custom resource. This can easily be achieved via kubectl apply:
kubectl apply -f cluster-issuer.yaml
Cert-manager creates an Ingress to validate the ACME challenge, if no Ingress controller is already installed in the cluster the ingress-nginx controller can easily be installed with Glasskube.
Further links about cert-manager:
- Cert-manager docs: https://cert-manager.io/docs/
- Issuer configuration: https://cert-manager.io/docs/configuration/
- Issuer list: https://cert-manager.io/docs/configuration/issuers/