Deploy cert-manager

In this section you will deploy cert-manager and configure it to use a self-signed ClusterIssuer.

Fast Forward

If you have already deployed cert-manager and configured it to use a self-signed ClusterIssuer, for example, if you have exposed EKF with ELB, proceed to the What’s Next section.

If you are going to use an already issued SSL certificate, you may proceed to the What’s Next section.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Edit rok/cert-manager/cert-manager/overlays/deploy/kustomization.yaml and enable the self-signed ClusterIssuer resource:

    resources: - cluster-issuer-self-signed.yaml #- cluster-issuer-letsencrypt-prod.yaml
  3. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Configure cert-manager"
  4. Install cert-manager resources along with the self-signed ClusterIssuer:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy

Verify

  1. Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:

    root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods NAME READY STATUS RESTARTS AGE cert-manager-58bcc6fc8c-s4bm7 1/1 Running 0 1m cert-manager-cainjector-54ffb448d4-tkt9s 1/1 Running 0 1m cert-manager-webhook-6d749899cf-9kjj6 1/1 Running 0 1m

Summary

You have successfully installed cert-manager and configured it with a self-signed ClusterIssuer.

What’s Next

The next step is to configure the ELB scheme and subnets.