Skip to main content

Installation

information

Solo disponible para Kubernetes (k8s)

To proceed with the installation of CertManager on our platform we need to execute the following steps:

  1. We add the helm repo of CertManager
helm repo add jetstack https://charts.jetstack.io
warning

In CertManager --set installCRDs=true must be set because otherwise they must be installed separately.

  1. Installed with helm
helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.10.0 --set installCRDs=true

From the previous command we can note the following details:

  1. You use 'helm upgrade --install' because if it does not exist, install it and if it does exist, upgrade it.
  2. Use '--create-namespace' to create the namespace in Kuberentes if it is not already created.
  3. We use '-n cert-manager' to indicate the namespace where we want to install our application.
  4. We use '--version v1.10.0' to indicate the version we want to install of our application.
  5. We use '--set installCRDs=true' to indicate that we want to install the CRDs.

Issuer

After having installed the CertManager we must proceed to create a certificate issuer, so we must create a file for the ClusterIssuer called clusterissuer.yaml in which we will add the following lines:

information

ClusterIssuer is used to make it available throughout the cluster.

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-nginx
  namespace: cert-manager
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: easter@yourdomain.org
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: appsec-nginx

Certificate

Finally we will proceed to create the certificate that will be issued through the issuer for each of our subdomains. We will create a yaml file named osdocert.yaml with the following content:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: osdo-certs
  namespace: cert-manager
spec:
  secretName: osdo-certs
  commonName: harbor.yourdomain.com
  dnsNames:
  - harbor.yourdomain.com

  issuerRef:
    name: letsencrypt-nginx
    kind: ClusterIssuer