In this section you will deploy cert-manager and configure it to use a self-signed ClusterIssuer.
If you have already deployed cert-manager and configured it to use a self-signed ClusterIssuer, for example, if you have exposed EKF with ELB, proceed to the What’s Next section.
If you are going to use an already issued SSL certificate, you may proceed to the What’s Next section.
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
Go to your GitOps repository, inside your
rok-toolsmanagement environment:root@rok-tools:~# cd ~/ops/deployments
rok/cert-manager/cert-manager/overlays/deploy/kustomization.yamland enable the self-signed ClusterIssuer resource:resources: - cluster-issuer-self-signed.yaml #- cluster-issuer-letsencrypt-prod.yaml
Commit your changes:root@rok-tools:~/ops/deployments# git commit -am "Configure cert-manager"
Install cert-manager resources along with the self-signed ClusterIssuer:root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy
Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods NAME READY STATUS RESTARTS AGE cert-manager-58bcc6fc8c-s4bm7 1/1 Running 0 1m cert-manager-cainjector-54ffb448d4-tkt9s 1/1 Running 0 1m cert-manager-webhook-6d749899cf-9kjj6 1/1 Running 0 1m
You have successfully installed cert-manager and configured it with a self-signed ClusterIssuer.
The next step is to configure the ELB scheme and subnets.