Secure Ingress resources with Cert Manager

Once you configure an Issuer for Cert Manager (either a Self-Signed Issuer or an ACME Issuer), Cert Manager will make use of this Issuer to create a TLS secret containing the certificates. Cert Manager can only create this secret if the application is already exposed. One way to do this is with an Ingress Resource which exposes the application and includes the corresponding annotations for Cert Manager.

There are two options to expose your application through an Ingress Controller using Cert Manager to manage the TLS certificates:

• Deploy another Helm chart which supports exposing the application through an Ingress controller. For instance, use the Bitnami Helm Chart for WordPress and configure Ingress for WordPress. To enable the integration with CertManager, add the annotations below to the ingress.annotations parameter:

  # Set up your ingress.class below (in this example, we are using nginx ingress controller)
  kubernetes.io/ingress.class: nginx
  cert-manager.io/cluster-issuer: letsencrypt-prod
  

• Create your own Ingress resource as shown in the example below:

  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: ingress-test
    annotations:
      # Set up your ingress.class below (in this example, we are using nginx ingress controller)
      kubernetes.io/ingress.class: "nginx"
      cert-manager.io/issuer: "letsencrypt-prod"
  spec:
    tls:
    # Replace the DOMAIN placeholder with the correct domain name
    - hosts:
      - DOMAIN
      secretName: letsencrypt-ca
    rules:
    # Replace the DOMAIN placeholder with the correct domain name
    - host: DOMAIN
      http:
        paths:
        - path: /
          pathType: Exact
          backend:
            service:
              name: ingress-test
              port:
                number: 80