Deploy cert-manager

In this section you will deploy cert-manager and configure it to use a self-signed ClusterIssuer.


If you are going to use an already issued SSL certificate, you may proceed to the What's Next section.

What You'll Need


  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Edit rok/cert-manager/cert-manager/overlays/deploy/kustomization.yaml and enable the self-signed ClusterIssuer resource:

    - cluster-issuer-self-signed.yaml
    #- cluster-issuer-letsencrypt-prod.yaml
  3. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Configure cert-manager"
  4. Install cert-manager resources along with the self-signed ClusterIssuer:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy


  1. Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:

    root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods
    NAME                                       READY   STATUS    RESTARTS   AGE
    cert-manager-58bcc6fc8c-s4bm7              1/1     Running   0          1m
    cert-manager-cainjector-54ffb448d4-tkt9s   1/1     Running   0          1m
    cert-manager-webhook-6d749899cf-9kjj6      1/1     Running   0          1m


You have successfully installed cert-manager and configured it with a self-signed ClusterIssuer.

What's Next

The next step is to configure the ELB scheme and subnets.