Deploy cert-manager

In this section you will deploy cert-manager and configure it to use a self-signed ClusterIssuer.


If you are going to use an already issued SSL certificate, you may proceed to the What’s Next section.


  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Edit rok/cert-manager/cert-manager/overlays/deploy/kustomization.yaml and enable the self-signed ClusterIssuer resource:

    resources: - cluster-issuer-self-signed.yaml #- cluster-issuer-letsencrypt-prod.yaml
  3. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Configure cert-manager"
  4. Install cert-manager resources along with the self-signed ClusterIssuer:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy


  1. Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:

    root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods NAME READY STATUS RESTARTS AGE cert-manager-58bcc6fc8c-s4bm7 1/1 Running 0 1m cert-manager-cainjector-54ffb448d4-tkt9s 1/1 Running 0 1m cert-manager-webhook-6d749899cf-9kjj6 1/1 Running 0 1m


You have successfully installed cert-manager and configured it with a self-signed ClusterIssuer.

What’s Next

The next step is to configure the ELB scheme and subnets.