Secure Ingress resources with Cert Manager
Once you configure an Issuer for Cert Manager (either a Self-Signed Issuer or an ACME Issuer), Cert Manager will make use of this Issuer to create a TLS secret containing the certificates. Cert Manager can only create this secret if the application is already exposed. One way to do this is with an Ingress Resource which exposes the application and includes the corresponding annotations for Cert Manager.
There are two options to expose your application through an Ingress Controller using Cert Manager to manage the TLS certificates:
Deploy another Helm chart which supports exposing the application through an Ingress controller. For instance, use the Bitnami Helm Chart for WordPress and configure Ingress for WordPress. To enable the integration with CertManager, add the annotations below to the ingress.annotations parameter:
# Set up your ingress.class below (in this example, we are using nginx ingress controller) kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod
Create your own Ingress resource as shown in the example below:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ingress-test annotations: # Set up your ingress.class below (in this example, we are using nginx ingress controller) kubernetes.io/ingress.class: "nginx" cert-manager.io/issuer: "letsencrypt-prod" spec: tls: # Replace the DOMAIN placeholder with the correct domain name - hosts: - DOMAIN secretName: letsencrypt-ca rules: # Replace the DOMAIN placeholder with the correct domain name - host: DOMAIN http: paths: - path: / pathType: Exact backend: service: name: ingress-test port: number: 80