Deploy cert-manager

In this section you will deploy cert-manager and configure it to use a self-signed ClusterIssuer.

Note

If you are going to use an already issued SSL certificate, you may proceed to the What’s Next section.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
    
  2. Install cert-manager resources in the kube-system namespace:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager-kube-system-resources/overlays/deploy
    
  3. Edit rok/cert-manager/cert-manager/overlays/deploy/kustomization.yaml and enable the self-signed ClusterIssuer resource:

    resources:
    - cluster-issuer-self-signed.yaml
    #- cluster-issuer-letsencrypt-prod.yaml
    
  4. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Configure cert-manager"
    
  5. Install cert-manager resources along with the self-signed ClusterIssuer:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy
    

Verify

  1. Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:

    root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods
    NAME                                       READY   STATUS    RESTARTS   AGE
    cert-manager-58bcc6fc8c-s4bm7              1/1     Running   0          1m
    cert-manager-cainjector-54ffb448d4-tkt9s   1/1     Running   0          1m
    cert-manager-webhook-6d749899cf-9kjj6      1/1     Running   0          1m
    

Summary

You have successfully installed cert-manager and configured it with a self-signed ClusterIssuer.

What’s Next

The next step is to configure and install the NGINX Ingress Controller.