
How do I configure a Kubernetes cert-manager.io ClusterIssuer with Pulumi?

In this guide, we will configure a Kubernetes ClusterIssuer resource using Pulumi. The ClusterIssuer is a cert-manager resource that defines how certificates should be obtained. We will use Pulumi to define and create this resource in your Kubernetes cluster.

Steps:

  1. Install the necessary Pulumi packages.
  2. Define the Kubernetes provider.
  3. Create the ClusterIssuer resource.

Below is the complete Pulumi program written in TypeScript:

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the Kubernetes provider
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: process.env.KUBECONFIG,
});

// Define the ClusterIssuer resource
const clusterIssuer = new k8s.apiextensions.CustomResource("letsencryptClusterIssuer", {
    apiVersion: "cert-manager.io/v1",
    kind: "ClusterIssuer",
    metadata: {
        name: "letsencrypt-prod",
    },
    spec: {
        acme: {
            server: "https://acme-v02.api.letsencrypt.org/directory",
            email: "your-email@example.com",
            privateKeySecretRef: {
                name: "letsencrypt-prod",
            },
            solvers: [{
                http01: {
                    ingress: {
                        class: "nginx",
                    },
                },
            }],
        },
    },
}, { provider: k8sProvider });

// Export the name of the ClusterIssuer
export const clusterIssuerName = clusterIssuer.metadata.name;

Key Points:

  • Kubernetes Provider: We use the k8s.Provider to connect to the Kubernetes cluster.
  • ClusterIssuer Resource: The ClusterIssuer resource is defined with the necessary specifications for cert-manager to use Let’s Encrypt.
  • ACME Configuration: The ACME server URL, email, and private key secret reference are specified for Let’s Encrypt.
  • Solver Configuration: An HTTP-01 solver is configured to use the nginx ingress class for solving ACME challenges.
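
A pre-deploy check for the ClusterIssuer spec above, added here as an example (it is not part of the original guide, Pulumi, or cert-manager): it flags the placeholder e-mail, a non-HTTPS or unexpected ACME server, a missing account-key Secret reference, and an HTTP-01 solver with no ingress class. The function name `lintClusterIssuer`, the finding strings, and the default allow-list (Let's Encrypt's production and staging directories) are assumptions made for this illustration.

```typescript
// Added example, not Pulumi's or cert-manager's code. lintClusterIssuer and
// the finding strings are hypothetical names chosen for this illustration.
interface AcmeSolver {
    http01?: { ingress?: { class?: string; ingressClassName?: string } };
    dns01?: object;
}
interface IssuerSpec {
    acme?: {
        server?: string;
        email?: string;
        privateKeySecretRef?: { name?: string };
        solvers?: AcmeSolver[];
    };
}
const LE_PROD = "https://acme-v02.api.letsencrypt.org/directory";
const LE_STAGING = "https://acme-staging-v02.api.letsencrypt.org/directory";

// Returns one human-readable finding per problem; an empty array means pass.
function lintClusterIssuer(spec: IssuerSpec, allowedServers: string[] = [LE_PROD, LE_STAGING]): string[] {
    const acme = spec.acme;
    if (!acme) return ["spec.acme is missing"];
    const findings: string[] = [];
    // Account registration and certificate orders all go to this URL: pin it.
    const server = acme.server || "";
    if (server.indexOf("https://") !== 0) findings.push("acme.server must use https");
    if (allowedServers.indexOf(server) === -1) findings.push("acme.server not in allow-list: " + server);

    // Catch the guide's placeholder before it is registered as the account contact.
    const email = acme.email || "";
    if (!/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(email)) findings.push("acme.email is missing or malformed");
    else if (/@example\.(com|org|net)$/i.test(email)) findings.push("acme.email is a placeholder: " + email);

    // cert-manager stores the ACME account private key in this Secret.
    if (!acme.privateKeySecretRef || !acme.privateKeySecretRef.name) findings.push("acme.privateKeySecretRef.name is missing");
    const solvers = acme.solvers || [];
    if (solvers.length === 0) findings.push("acme.solvers is empty");
    solvers.forEach((s, i) => {
        if (!s.http01 && !s.dns01) findings.push("solvers[" + i + "] has no http01 or dns01 block");
        const ing = s.http01 ? s.http01.ingress : undefined;
        // An HTTP-01 solver with no class is not pinned to one ingress controller.
        if (s.http01 && !(ing && (ing.class || ing.ingressClassName))) findings.push("solvers[" + i + "].http01 has no ingress class");
    });
    return findings;
}

// Constructed input: the spec from the program above, unchanged.
const pageSpec: IssuerSpec = { acme: { server: LE_PROD, email: "your-email@example.com", privateKeySecretRef: { name: "letsencrypt-prod" }, solvers: [{ http01: { ingress: { class: "nginx" } } }] } };
console.log(lintClusterIssuer(pageSpec)); // one finding: the placeholder e-mail
```

Run it on the same `spec` object that is passed to `k8s.apiextensions.CustomResource`, and fail the Pulumi program if the returned array is non-empty.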

Summary

In this guide, we configured a ClusterIssuer resource in Kubernetes using Pulumi. This configuration enables cert-manager to obtain certificates from Let’s Encrypt using the HTTP-01 challenge method. The ClusterIssuer is essential for managing certificates in a Kubernetes cluster, and Pulumi simplifies the process of defining and deploying this resource.
