{"id":360,"date":"2023-08-31T18:23:38","date_gmt":"2023-08-31T18:23:38","guid":{"rendered":"https:\/\/devopsopen.com\/?p=360"},"modified":"2023-11-05T19:12:22","modified_gmt":"2023-11-05T19:12:22","slug":"install-cert-manager","status":"publish","type":"post","link":"https:\/\/devopsopen.com\/index.php\/2023\/08\/31\/install-cert-manager\/","title":{"rendered":"Install cert-manager and TLS certificate"},"content":{"rendered":"<h2>Install Cert-Manager<\/h2>\n<p>For details:<br \/>\n<a href=\"https:\/\/cert-manager.io\/docs\/tutorials\/acme\/nginx-ingress\/\">https:\/\/cert-manager.io\/docs\/tutorials\/acme\/nginx-ingress\/<\/a><\/p>\n<h2>Install cert-manager<\/h2>\n<pre><code>kubectl apply -f https:\/\/github.com\/cert-manager\/cert-manager\/releases\/download\/v1.12.0\/cert-manager.yaml<\/code><\/pre>\n<hr \/>\n<h2>Install issuer<\/h2>\n<p>Let's Encrypt gives you two environments, staging and production.<\/p>\n<ul>\n<li>Create a ClusterIssuer rather than an Issuer for the staging environment, because an Issuer has namespace scope only.
If you want to create the issuer in a namespace, change ClusterIssuer to Issuer in the YAML file below.<\/li>\n<\/ul>\n<hr \/>\n<pre><code>apiVersion: cert-manager.io\/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-staging\nspec:\n  acme:\n    server: https:\/\/acme-staging-v02.api.letsencrypt.org\/directory\n    email: androidbakyass@gmail.com\n    privateKeySecretRef:\n      name: letsencrypt-staging\n    solvers:\n      - http01:\n          ingress:\n            ingressClassName: nginx<\/code><\/pre>\n<hr \/>\n<h2>Ingress with cert-manager annotations<\/h2>\n<hr \/>\n<pre><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: keycloak-development-ingress\n  namespace: \"keycloak-dev\"\n  annotations:\n    cert-manager.io\/issue-temporary-certificate: \"true\"\n    acme.cert-manager.io\/http01-edit-in-place: \"true\"\n    cert-manager.io\/cluster-issuer: \"letsencrypt-staging\"\n    nginx.ingress.kubernetes.io\/force-ssl-redirect: 'false'\n    kubernetes.io\/tls-acme: \"true\"\n    nginx.ingress.kubernetes.io\/enable-cors: \"true\"\nspec:\n  ingressClassName: nginx\n  tls:\n    - hosts:\n        - bakdevops.com\n      secretName: bakdevops-tls\n  rules:\n    - host: bakdevops.com\n      http:\n        paths:\n          - path: \/\n            pathType: ImplementationSpecific\n            backend:\n              service:\n                name: keycloak-development-service\n                port:\n                  number: 53582<\/code><\/pre>\n<hr \/>\n<p>cert-manager creates a certificate and a certificate request, then a challenge and then an order to validate the certificate.<\/p>\n<hr \/>\n<pre><code>kubectl get challenges\nkubectl get order\nkubectl get certificate\nkubectl get certificaterequest<\/code><\/pre>\n<hr \/>\n<p>You can switch to the production issuer:<\/p>\n<pre><code>    cert-manager.io\/cluster-issuer: &quot;letsencrypt-prod&quot;<\/code><\/pre>\n<h2>Troubleshooting<\/h2>\n<hr 
\/>\n<pre><code>https:\/\/cert-manager.io\/docs\/troubleshooting\/<\/code><\/pre>\n<hr \/>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":""},"categories":[12],"tags":[],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":5}},"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"admin","author_link":"https:\/\/devopsopen.com\/index.php\/author\/admin_bak\/"},"uagb_comment_info":19,
"_links":{"self":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts\/360"}],"collection":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/comments?post=360"}],"version-history":[{"count":5,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts\/360\/revisions"}],"predecessor-version":[{"id":400,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts\/360\/revisions\/400"}],"wp:attachment":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/media?parent=360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/categories?post=360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/tags?post=360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}