1. Answers
  2. Configure a Kubernetes cert-manager.io Issuer with Pulumi

How do I configure a Kubernetes cert-manager.io issuer with Pulumi?

In this guide, we will configure a cert-manager.io Issuer in a Kubernetes cluster using Pulumi. The Issuer is a resource in cert-manager that represents a certificate authority capable of signing certificates. We’ll define an Issuer that uses Let’s Encrypt for issuing certificates.

Key Points:

  • We will create a Kubernetes namespace for cert-manager.
  • We will configure an Issuer resource that uses ACME (Let’s Encrypt) to issue certificates.
  • The Issuer will be configured with the necessary ACME server URL and email for registration.
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a namespace for cert-manager
const certManagerNamespace = new k8s.core.v1.Namespace("cert-manager", {
    metadata: { name: "cert-manager" },
});

// Define the Issuer for Let's Encrypt
const letsEncryptIssuer = new k8s.apiextensions.CustomResource("letsencrypt-issuer", {
    apiVersion: "cert-manager.io/v1",
    kind: "Issuer",
    metadata: {
        name: "letsencrypt-issuer",
        namespace: certManagerNamespace.metadata.name,
    },
    spec: {
        acme: {
            email: "your-email@example.com",  // Replace with your email
            server: "https://acme-v02.api.letsencrypt.org/directory",
            privateKeySecretRef: {
                name: "letsencrypt-private-key",
            },
            solvers: [{
                http01: {
                    ingress: {
                        class: "nginx",
                    },
                },
            }],
        },
    },
});

Summary

In this guide, we configured a cert-manager.io Issuer in a Kubernetes cluster using Pulumi. We created a namespace for cert-manager and defined an Issuer resource that uses Let’s Encrypt to issue certificates. The Issuer is configured with the necessary ACME server URL and email for registration. This setup allows cert-manager to request and manage certificates from Let’s Encrypt.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up