Installation

information

Only available for Kubernetes (k8s)

To install CertManager on our platform, we need to execute the following steps:

  1. Add the CertManager helm repo:

helm repo add jetstack https://charts.jetstack.io

warning

In CertManager, --set installCRDs=true must be set; otherwise the CRDs must be installed separately.

  2. Install with helm:

helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.10.0 --set installCRDs=true

From the previous command we can note the following details:

  1. We use 'helm upgrade --install' so that the release is installed if it does not exist and upgraded if it does.
  2. We use '--create-namespace' to create the namespace in Kubernetes if it is not already created.
  3. We use '--namespace cert-manager' (short form '-n cert-manager') to indicate the namespace where we want to install our application.
  4. We use '--version v1.10.0' to indicate the version of our application that we want to install.
  5. We use '--set installCRDs=true' to indicate that we want to install the CRDs.

Issuer

After installing CertManager, we must create a certificate issuer. To do so, we create a file for the ClusterIssuer called clusterissuer.yaml and add the following lines:

information

ClusterIssuer is used to make it available throughout the cluster.

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-nginx
  namespace: cert-manager
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: easter@yourdomain.org
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: appsec-nginx

Certificate

Finally, we create the certificate that will be issued through the issuer for each of our subdomains. We create a YAML file named osdocert.yaml with the following content:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: osdo-certs
  namespace: cert-manager
spec:
  secretName: osdo-certs
  commonName: harbor.yourdomain.com
  dnsNames:
  - harbor.yourdomain.com
  issuerRef:
    name: letsencrypt-nginx
    kind: ClusterIssuer
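
Once both manifests from the Issuer and Certificate sections are applied, it is worth confirming that the ClusterIssuer registered its ACME account and that the Certificate was actually issued. The following is an added example, not part of the original guide: it reads the JSON that `kubectl get clusterissuer,certificate -n cert-manager -o json` produces and reports every object whose Ready condition is not True. The sample data is constructed, and the `NoStatusYet` label is a name chosen for this example.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample shaped like the output of:
#   kubectl get clusterissuer,certificate -n cert-manager -o json
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-nginx"},
   "status": {"conditions": [{"type": "Ready", "status": "True",
     "reason": "ACMEAccountRegistered", "message": "constructed"}]}},
  {"kind": "Certificate",
   "metadata": {"name": "osdo-certs", "namespace": "cert-manager"},
   "status": {"conditions": [{"type": "Ready", "status": "False",
     "reason": "Issuing", "message": "constructed: challenge pending"}]}}
]}
""")

def ready_condition(obj):
    """Return the object's Ready condition, or None if none is set yet."""
    for cond in obj.get("status", {}).get("conditions", []):
        if cond.get("type") == "Ready":
            return cond
    return None

def not_ready(listing):
    """List (kind, name, reason) for every object that is not Ready=True."""
    problems = []
    for obj in listing.get("items", []):
        # "NoStatusYet" is this example's own label for a missing condition.
        cond = ready_condition(obj) or {"status": "Unknown", "reason": "NoStatusYet"}
        if cond.get("status") != "True":
            problems.append((obj["kind"], obj["metadata"]["name"], cond.get("reason", "")))
    return problems

def days_until_expiry(cert, now):
    """Days until status.notAfter, or None if nothing has been issued yet."""
    not_after = cert.get("status", {}).get("notAfter")
    if not_after is None:
        return None
    expiry = datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%SZ")
    return (expiry.replace(tzinfo=timezone.utc) - now).days

if __name__ == "__main__":
    # Pipe kubectl's JSON in; with no pipe, the constructed sample is used.
    listing = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for kind, name, reason in not_ready(listing):
        print(f"NOT READY {kind}/{name}: {reason}")
```

For an object that stays not ready, `kubectl describe` on it shows the condition message and related events.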