
How do I build a Kubernetes cert-manager.io ClusterIssuer with Pulumi?

In this guide, we will set up a Kubernetes ClusterIssuer using cert-manager.io with Pulumi. A ClusterIssuer is a Kubernetes resource that represents a certificate authority capable of generating signed certificates. We will use Pulumi to define and deploy this resource in our Kubernetes cluster.

Key Points:

  • We will install the cert-manager Helm chart to manage certificates.
  • We will create a ClusterIssuer resource using Pulumi.
  • The ClusterIssuer will be configured to use Let’s Encrypt for issuing certificates.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Install cert-manager using the Helm chart
const certManager = new k8s.helm.v3.Chart("cert-manager", {
    chart: "cert-manager",
    version: "v1.6.1",
    fetchOpts: {
        repo: "https://charts.jetstack.io",
    },
    values: {
        installCRDs: true,
    },
});

// Create a ClusterIssuer for Let's Encrypt
const clusterIssuer = new k8s.apiextensions.CustomResource("letsencrypt-clusterissuer", {
    apiVersion: "cert-manager.io/v1",
    kind: "ClusterIssuer",
    metadata: {
        name: "letsencrypt-clusterissuer",
    },
    spec: {
        acme: {
            server: "https://acme-v02.api.letsencrypt.org/directory",
            email: "your-email@example.com",  // Replace with your email
            privateKeySecretRef: {
                name: "letsencrypt-private-key",
            },
            solvers: [{
                http01: {
                    ingress: {
                        class: "nginx",  // Replace with your ingress class
                    },
                },
            }],
        },
    },
}, { dependsOn: certManager });

export const clusterIssuerName = clusterIssuer.metadata.name;
```
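
The comments in the program above ask you to replace the email and ingress class before deploying. The following added example (not part of the original answer, and not Pulumi or cert-manager code) builds the same `spec.acme` object for Let's Encrypt staging or production and lints it in plain TypeScript. `buildAcmeSpec`, `lintAcmeSpec` and the per-environment Secret name are hypothetical, and the staging directory URL is Let's Encrypt's staging endpoint, which the page itself does not mention.

```typescript
// Added example: plain TypeScript with no Pulumi imports, so it runs on its own.
type AcmeEnv = "staging" | "production";

// Let's Encrypt ACME v2 directory endpoints.
const LETSENCRYPT_DIRECTORY: Record<AcmeEnv, string> = {
    staging: "https://acme-staging-v02.api.letsencrypt.org/directory",
    production: "https://acme-v02.api.letsencrypt.org/directory",
};

interface AcmeSpec {
    server: string;
    email: string;
    privateKeySecretRef: { name: string };
    solvers: Array<{ http01: { ingress: { class: string } } }>;
}

// Hypothetical helper: builds the `spec.acme` object of the ClusterIssuer,
// with a separate account-key Secret name per environment.
function buildAcmeSpec(env: AcmeEnv, email: string, ingressClass: string): AcmeSpec {
    return {
        server: LETSENCRYPT_DIRECTORY[env],
        email,
        privateKeySecretRef: { name: `letsencrypt-${env}-private-key` },
        solvers: [{ http01: { ingress: { class: ingressClass } } }],
    };
}

// Hypothetical pre-deployment lint: returns the problems found (empty = acceptable).
function lintAcmeSpec(acme: AcmeSpec): string[] {
    const problems: string[] = [];
    if (acme.server !== LETSENCRYPT_DIRECTORY.staging &&
        acme.server !== LETSENCRYPT_DIRECTORY.production) {
        problems.push(`server is not a known Let's Encrypt directory: ${acme.server}`);
    }
    const domain = acme.email.slice(acme.email.lastIndexOf("@") + 1);
    if (!/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(acme.email)) {
        problems.push("email is not a valid address");
    } else if (/(^|\.)example\.(com|org|net)$/i.test(domain)) {
        problems.push("email still uses a placeholder example domain");
    }
    if (acme.privateKeySecretRef.name.trim() === "") {
        problems.push("privateKeySecretRef.name is empty");
    }
    if (acme.solvers.length === 0) {
        problems.push("no ACME solvers configured, so no challenge can be completed");
    }
    return problems;
}
```

To use it, pass the result as `spec: { acme: buildAcmeSpec(...) }` to the `CustomResource` and stop the deployment if `lintAcmeSpec` returns any problems.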

Summary:

In this guide, we set up a ClusterIssuer in Kubernetes using cert-manager.io with Pulumi. We first installed the cert-manager Helm chart and then created a ClusterIssuer resource configured to use Let’s Encrypt for issuing certificates. This setup allows Kubernetes to automatically manage and renew TLS certificates for your applications.
