kubernetescert-manager

Secure Ingress resources with Cert Manager

Improve this page by contributing to our documentation.

Once you configure an Issuer for Cert Manager (either a Self-Signed Issuer or an ACME Issuer), Cert Manager will make use of this Issuer to create a TLS secret containing the certificates. Cert Manager can only create this secret if the application is already exposed. One way to do this is with an Ingress Resource which exposes the application and includes the corresponding annotations for Cert Manager.

There are two options to expose your application through an Ingress Controller using Cert Manager to manage the TLS certificates:

  • Deploy another Helm chart which supports exposing the application through an Ingress controller. For instance, use the Bitnami Helm Chart for WordPress and configure Ingress for WordPress. To enable the integration with CertManager, add the annotations below to the ingress.annotations parameter:

    # Set up your ingress.class below (in this example, we are using nginx ingress controller)
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    
  • Create your own Ingress resource as shown in the example below:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-test
      annotations:
        # Set up your ingress.class below (in this example, we are using nginx ingress controller)
        kubernetes.io/ingress.class: "nginx"
        cert-manager.io/issuer: "letsencrypt-prod"
    spec:
      tls:
      # Replace the DOMAIN placeholder with the correct domain name
      - hosts:
        - DOMAIN
        secretName: letsencrypt-ca
      rules:
      # Replace the DOMAIN placeholder with the correct domain name
      - host: DOMAIN
        http:
          paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: ingress-test
                port:
                  number: 80