How do I deploy a Kubernetes cert-manager.io ClusterIssuer?
In this guide, we will deploy a ClusterIssuer from cert-manager.io in a Kubernetes cluster using Pulumi. A ClusterIssuer is a resource that defines how certificates should be obtained and managed cluster-wide.
Below is the Pulumi program written in TypeScript that creates a ClusterIssuer for Let’s Encrypt using the ACME protocol:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a Kubernetes namespace for cert-manager
const namespace = new k8s.core.v1.Namespace("cert-manager", {
    metadata: {
        name: "cert-manager",
    },
});

// Deploy cert-manager using Helm
const certManager = new k8s.helm.v3.Chart("cert-manager", {
    chart: "cert-manager",
    version: "v1.7.1",
    fetchOpts: {
        repo: "https://charts.jetstack.io",
    },
    namespace: namespace.metadata.name,
    values: {
        installCRDs: true,
    },
});

// Define a ClusterIssuer for Let's Encrypt
const clusterIssuer = new k8s.apiextensions.CustomResource("letsencrypt-prod", {
    apiVersion: "cert-manager.io/v1",
    kind: "ClusterIssuer",
    metadata: {
        name: "letsencrypt-prod",
    },
    spec: {
        acme: {
            server: "https://acme-v02.api.letsencrypt.org/directory",
            email: "your-email@example.com",
            privateKeySecretRef: {
                name: "letsencrypt-prod",
            },
            solvers: [
                {
                    http01: {
                        ingress: {
                            class: "nginx",
                        },
                    },
                },
            ],
        },
    },
}, { dependsOn: certManager });
```
Key Points
- We created a namespace cert-manager for installing cert-manager.
- We used the Helm chart to deploy cert-manager into the Kubernetes cluster.
- We defined a ClusterIssuer resource that uses Let’s Encrypt’s ACME server to issue certificates.
Summary
This Pulumi program sets up cert-manager in a Kubernetes cluster and configures a ClusterIssuer to use Let’s Encrypt for obtaining certificates. This setup is essential for automating the management of TLS certificates in your Kubernetes applications.
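A pre-deployment check on the acme block of the program above, as an added example that is not part of the original page or of Pulumi's or cert-manager's own code. The function name lintAcmeIssuer, its finding strings, and the choice of what to flag (unknown ACME directory, issuer name that contradicts the endpoint, placeholder contact address, missing account-key Secret, http01 solver with no pinned ingress class) are assumptions of this example.

```typescript
// Added example: pre-deployment lint for an ACME ClusterIssuer spec.
// lintAcmeIssuer and its finding strings are hypothetical, not a Pulumi or cert-manager API.
interface AcmeSpec {
    server?: string;
    email?: string;
    privateKeySecretRef?: { name?: string };
    solvers?: { http01?: { ingress?: { class?: string; ingressClassName?: string; name?: string } } }[];
}
const LE_PROD = "https://acme-v02.api.letsencrypt.org/directory";
const LE_STAGING = "https://acme-staging-v02.api.letsencrypt.org/directory";

function lintAcmeIssuer(issuerName: string, acme: AcmeSpec): string[] {
    const findings: string[] = [];
    const server = acme.server ?? "";
    if (!server.startsWith("https://")) findings.push("server: ACME directory URL must use https");
    else if (server !== LE_PROD && server !== LE_STAGING) findings.push("server: not a Let's Encrypt directory, confirm the CA is intended");
    // Certificate resources reference the issuer by name, so the name should match the endpoint.
    if ((server === LE_STAGING && /prod/i.test(issuerName)) ||
        (server === LE_PROD && /staging/i.test(issuerName))) {
        findings.push("name: issuer name does not match the ACME environment");
    }
    const email = acme.email ?? "";
    if (!/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(email)) findings.push("email: missing or malformed ACME account contact");
    else if (/@example\.(com|org|net)$/i.test(email)) findings.push("email: placeholder address, replace before deploying");
    if (!acme.privateKeySecretRef?.name) findings.push("privateKeySecretRef: no Secret named for the ACME account key");
    const solvers = acme.solvers ?? [];
    if (solvers.length === 0) findings.push("solvers: no challenge solver configured");
    solvers.forEach((s, i) => {
        const ing = s.http01?.ingress;
        // Without a class or name, the solver Ingress is not pinned to one controller.
        if (s.http01 && !(ing?.class || ing?.ingressClassName || ing?.name)) {
            findings.push(`solvers[${i}]: http01 ingress solver does not pin an ingress class`);
        }
    });
    return findings;
}

// Constructed sample: the acme values from the program above, unchanged.
const pageFindings = lintAcmeIssuer("letsencrypt-prod", {
    server: LE_PROD,
    email: "your-email@example.com",
    privateKeySecretRef: { name: "letsencrypt-prod" },
    solvers: [{ http01: { ingress: { class: "nginx" } } }],
});
```

Run against the page's values, the check returns a single finding for the placeholder contact address your-email@example.com.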