cert-manager

Purpose: Automated TLS certificate management

Version: v1.16.0 (Helm chart: cert-manager 1.16.0)

Namespace: cert-manager

Description

Manages certificates from Let's Encrypt, Venafi, and other certificate authorities. Automates certificate issuance and renewal using DNS-01 or HTTP-01 challenges.

Installation

Installed via ArgoCD from manifest: config/dev/resources/cert-manager.yaml

Configuration

ClusterIssuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME directory
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@ssdk8s.xyz
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    # DNS-01 solver; reads the Cloudflare API token from a Secret
    - dns01:
        cloudflare:
          apiTokenSecretRef:
            name: cloudflare-api-token
            key: api-token

Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls
  namespace: default
spec:
  # Secret in which the issued key pair is stored
  secretName: example-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - example.ssdk8s.xyz
  duration: 2160h     # requested lifetime: 90 days
  renewBefore: 360h   # renew 15 days before expiry

DNS Provider

Uses Cloudflare for DNS-01 challenges.

Secret: cloudflare-api-token in cert-manager namespace

Usage

Annotations for Ingress

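apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  annotations:
    # Tells cert-manager which ClusterIssuer to use for this Ingress
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - myapp.ssdk8s.xyz
    # Secret that cert-manager creates and the Ingress serves
    secretName: myapp-tls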

Components

Component                 Purpose
cert-manager              Certificate controller
cert-manager-cainjector   Certificate injection
cert-manager-webhook      Validation webhook

Default Certificate

All ingress resources automatically get TLS via Let's Encrypt.
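
One way to check that statement against a cluster, as an added example that is not part of the original page: the script audits Ingress objects for the cert-manager.io/cluster-issuer annotation shown above and for rule hosts with no matching tls entry. The function names and the sample objects (including the legacy.ssdk8s.xyz host) are constructed for illustration; input is assumed to be a file holding the output of `kubectl get ingress -A -o json`.

```python
import json
import sys

ISSUER_ANNOTATION = "cert-manager.io/cluster-issuer"  # annotation used on this page
EXPECTED_ISSUER = "letsencrypt-prod"                  # ClusterIssuer defined on this page

def audit_ingress(ing):
    """Return a list of findings for one Ingress object (dict form of the API JSON)."""
    findings = []
    meta = ing.get("metadata", {})
    spec = ing.get("spec", {})
    issuer = (meta.get("annotations") or {}).get(ISSUER_ANNOTATION)
    if issuer is None:
        findings.append("missing cluster-issuer annotation")
    elif issuer != EXPECTED_ISSUER:
        findings.append(f"unexpected issuer {issuer!r}")
    tls_hosts = set()
    for entry in spec.get("tls") or []:
        if not entry.get("secretName"):
            findings.append("tls entry without secretName")
        tls_hosts.update(entry.get("hosts") or [])
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        # A host is covered by an exact tls entry or a one-label wildcard entry.
        if host and host not in tls_hosts and "*." + host.partition(".")[2] not in tls_hosts:
            findings.append(f"host {host} served without a tls entry")
    return findings

def audit(ingress_list):
    """Map 'namespace/name' to findings for every Ingress with at least one finding."""
    report = {}
    for ing in ingress_list.get("items", []):
        meta, found = ing.get("metadata", {}), audit_ingress(ing)
        if found:
            report[f"{meta.get('namespace', 'default')}/{meta.get('name')}"] = found
    return report

# Constructed sample input, shaped like `kubectl get ingress -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "my-app", "namespace": "default",
                  "annotations": {ISSUER_ANNOTATION: "letsencrypt-prod"}},
     "spec": {"tls": [{"hosts": ["myapp.ssdk8s.xyz"], "secretName": "myapp-tls"}],
              "rules": [{"host": "myapp.ssdk8s.xyz"}]}},
    {"metadata": {"name": "legacy", "namespace": "default"},
     "spec": {"rules": [{"host": "legacy.ssdk8s.xyz"}]}},
]}

if __name__ == "__main__":
    # Pass a JSON file path as the first argument; without one, the sample is audited.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, found in audit(data).items():
        print(name, "->", "; ".join(found))
```

An empty report means every Ingress in the input carries the expected issuer annotation and a tls entry for each host it serves.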