
How do I deploy a Kubernetes cert-manager.io ClusterIssuer?

In this guide, we will deploy a ClusterIssuer from cert-manager.io in a Kubernetes cluster using Pulumi. A ClusterIssuer is a resource that defines how certificates should be obtained and managed cluster-wide.

Below is the Pulumi program written in TypeScript that creates a ClusterIssuer for Let’s Encrypt using the ACME protocol:

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a Kubernetes namespace for cert-manager
const namespace = new k8s.core.v1.Namespace("cert-manager", {
    metadata: {
        name: "cert-manager",
    },
});

// Deploy cert-manager using Helm
const certManager = new k8s.helm.v3.Chart("cert-manager", {
    chart: "cert-manager",
    version: "v1.7.1",
    fetchOpts: {
        repo: "https://charts.jetstack.io",
    },
    namespace: namespace.metadata.name,
    values: {
        installCRDs: true,
    },
});

// Define a ClusterIssuer for Let's Encrypt
const clusterIssuer = new k8s.apiextensions.CustomResource("letsencrypt-prod", {
    apiVersion: "cert-manager.io/v1",
    kind: "ClusterIssuer",
    metadata: {
        name: "letsencrypt-prod",
    },
    spec: {
        acme: {
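            // Let's Encrypt production ACME directory
            server: "https://acme-v02.api.letsencrypt.org/directory",
            // Placeholder: replace with the contact address for the ACME account
            email: "your-email@example.com",
            // Secret in which cert-manager stores the ACME account private key
            privateKeySecretRef: {
                name: "letsencrypt-prod",
            },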
            solvers: [
                {
                    http01: {
                        ingress: {
                            class: "nginx",
                        },
                    },
                },
            ],
        },
    },
}, { dependsOn: certManager });

Key Points

  • We created a namespace cert-manager for installing cert-manager.
  • We used the Helm chart to deploy cert-manager into the Kubernetes cluster.
  • We defined a ClusterIssuer resource that uses Let’s Encrypt’s ACME server to issue certificates.

Summary

This Pulumi program sets up cert-manager in a Kubernetes cluster and configures a ClusterIssuer to use Let’s Encrypt for obtaining certificates. This setup is essential for automating the management of TLS certificates in your Kubernetes applications.
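
The following added example (not part of the original program) builds the ClusterIssuer spec for either Let's Encrypt environment and lints it before it is passed to k8s.apiextensions.CustomResource, catching the placeholder email used above. It goes beyond the page by including the Let's Encrypt staging directory; the helper names acmeIssuerSpec and lintIssuerSpec, the per-environment Secret naming rule, and the sample address are assumptions made for illustration.

```typescript
// Added example: plain objects only, no Pulumi packages or cluster access needed.
const LE_DIRECTORIES = {
    prod: "https://acme-v02.api.letsencrypt.org/directory",
    staging: "https://acme-staging-v02.api.letsencrypt.org/directory",
} as const;
type LeEnv = keyof typeof LE_DIRECTORIES;

interface AcmeIssuerSpec {
    acme: {
        server: string;
        email: string;
        privateKeySecretRef: { name: string };
        solvers: Array<{ http01: { ingress: { class: string } } }>;
    };
}

// Hypothetical helper: builds the `spec` of a ClusterIssuer for one environment.
// Each environment gets its own account-key Secret name (letsencrypt-<env>).
function acmeIssuerSpec(env: LeEnv, email: string, ingressClass: string): AcmeIssuerSpec {
    return {
        acme: {
            server: LE_DIRECTORIES[env],
            email,
            privateKeySecretRef: { name: `letsencrypt-${env}` },
            solvers: [{ http01: { ingress: { class: ingressClass } } }],
        },
    };
}

// Hypothetical pre-deploy check: returns findings; an empty array means the spec passed.
function lintIssuerSpec(spec: AcmeIssuerSpec): string[] {
    const findings: string[] = [];
    const { server, email, privateKeySecretRef, solvers } = spec.acme;
    const env = (Object.keys(LE_DIRECTORIES) as LeEnv[]).find((e) => LE_DIRECTORIES[e] === server);
    if (!env) findings.push(`server is not a known Let's Encrypt directory: ${server}`);
    if (!/^[^@\s]+@[^@\s]+$/.test(email) || /@example\.(com|org|net)$/i.test(email))
        findings.push(`email looks like a placeholder: ${email}`);
    if (!privateKeySecretRef.name) findings.push("privateKeySecretRef.name is empty");
    else if (env && !privateKeySecretRef.name.includes(env))
        findings.push(`account key Secret "${privateKeySecretRef.name}" does not name its environment (${env})`);
    if (solvers.length === 0) findings.push("no ACME solvers configured");
    return findings;
}

// Constructed sample input: the spec from the program above, then a staging spec with a made-up address.
const pageSpec = acmeIssuerSpec("prod", "your-email@example.com", "nginx");
const stagingSpec = acmeIssuerSpec("staging", "pki-admin@corp.internal.test", "nginx");
console.log(lintIssuerSpec(pageSpec), lintIssuerSpec(stagingSpec));
```

The returned object can be used as the spec argument of the ClusterIssuer custom resource once the lint returns no findings.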
