Deploy cert-manager

In this section you will deploy cert-manager. AWS Load Balancer Controller requires cert-manager for its webhook certificates.

Choose one of the following options to deploy cert-manager:

Option 1: Deploy cert-manager Automatically (preferred)

Deploy cert-manager by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from eks-alb-cert-manager

Proceed to the Summary section.

Option 2: Deploy cert-manager Manually

If you want to deploy cert-manager manually, follow the instructions below.


  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Deploy cert-manager:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy
  3. Save your state:

    root@rok-tools:~/ops/deployments# rok-j2 deploy/env.eks-alb-cert-manager.j2 \ > -o deploy/env.eks-alb-cert-manager
  4. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Deploy cert-manager"
  5. Mark your progress:

    root@rok-tools:~/ops/deployments# export DATE=$(date -u "+%Y-%m-%dT%H.%M.%SZ")
    root@rok-tools:~/ops/deployments# git tag \ > -a deploy/${DATE?}/release-2.0/eks-alb-cert-manager \ > -m "Deploy cert-manager"


  1. Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:

    root@rok-tools:~# kubectl -n cert-manager get pods NAME READY STATUS RESTARTS AGE cert-manager-58bcc6fc8c-s4bm7 1/1 Running 0 1m cert-manager-cainjector-54ffb448d4-tkt9s 1/1 Running 0 1m cert-manager-webhook-6d749899cf-9kjj6 1/1 Running 0 1m


You have successfully deployed cert-manager.

What’s Next

The next step is to create an IAM role for AWS Load Balancer Controller.