
Setup Cert-Manager

Here are the step-by-step instructions for setting up Cert-Manager with ZeroSSL as the certificate provider in your Azure Kubernetes Cluster and modifying your application Helm charts to use the certificates:

Prerequisites

  1. Azure Kubernetes Cluster (AKS): Ensure you have a running AKS cluster.
  2. kubectl: Make sure you have kubectl installed and configured to connect to your AKS cluster.
  3. Helm: Install Helm on your local machine if you haven't already.
  4. ZeroSSL Account: Sign up for a ZeroSSL account and obtain your API key.

In a working folder on your PC, set up the Bitnami Helm repository and pull the chart.

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm pull bitnami/cert-manager --untar

Step 1: Install Cert-Manager

helm upgrade --install cert-manager cert-manager --namespace cert-manager --create-namespace --set installCRDs=true

Step 2: Create a Let's Encrypt ClusterIssuer

Important

You must successfully install Cert-Manager BEFORE doing this next step.

In the cert-manager/templates/crds folder, create the file crd.clusterissuer-letsencrypt.yaml:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    # Replace the EMAIL-ADDRESS placeholder with the correct email account
    email: <EMAIL-ADDRESS>
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
      - http01:
          ingress:
            class: nginx

Apply this YAML file by upgrading the cert-manager chart. Helm will now create the ClusterIssuer you defined.

helm upgrade --install cert-manager cert-manager --namespace cert-manager --create-namespace --set installCRDs=true

Step 3: Modify Application Helm Charts

Modify your application Helm charts to use the certificates provisioned by Cert-Manager by adding the cert-manager.io/cluster-issuer annotation under metadata.annotations.

Here's an example of how you can configure your Ingress resource to use the TLS certificate:

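apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    # The value must match the metadata.name of an existing ClusterIssuer
    # (the one created in Step 2 is named letsencrypt-prod).
    cert-manager.io/cluster-issuer: zerossl-cluster-issuer
spec:
  tls:
    # Cert-Manager stores the issued certificate and key in this Secret
    - hosts:
        - example.com
      secretName: example-tls-secret
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service
                port:
                  number: 80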
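
A pre-deploy check for this annotation, added here as an example and not part of the original guide: it reports any cert-manager.io/cluster-issuer value that matches no ClusterIssuer in the supplied manifests, a mismatch that leaves the Certificate unable to become Ready. The function names and the trimmed sample manifests are constructed for illustration.

```shell
# Added example: flag Ingress annotations naming a ClusterIssuer that the
# manifests on stdin never define. Assumes 2-space-indented YAML documents.
# Print metadata.name of every ClusterIssuer document.
defined_issuers() {
  awk '
    function emit() { if (kind == "ClusterIssuer" && name != "") print name
                      kind = ""; name = ""; in_meta = 0 }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2 }
    /^metadata:/ { in_meta = 1; next }
    /^[^ \t#]/   { in_meta = 0 }
    in_meta && name == "" && /^  name:/ { name = $2 }
    END          { emit() }
  ' | tr -d "\"'"
}

# Print every issuer named by a cert-manager.io/cluster-issuer annotation.
referenced_issuers() {
  awk '$1 == "cert-manager.io/cluster-issuer:" { print $2 }' | tr -d "\"'" | sort -u
}

# Print referenced-but-undefined issuers; return 1 if there are any.
dangling_issuers() {
  manifests=$(cat)
  defined=$(printf '%s\n' "$manifests" | defined_issuers)
  missing=""
  for ref in $(printf '%s\n' "$manifests" | referenced_issuers); do
    printf '%s\n' "$defined" | grep -qxF -- "$ref" || missing="$missing $ref"
  done
  [ -z "$missing" ] || { printf '%s\n' "${missing# }"; return 1; }
}

# Constructed sample: the two manifests from this page, trimmed.
sample_manifests() {
  cat <<'EOF'
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
---
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    cert-manager.io/cluster-issuer: zerossl-cluster-issuer
EOF
}

if out=$(sample_manifests | dangling_issuers); then echo "issuer references OK"
else echo "undefined ClusterIssuer(s): $out"; fi
```

To lint real charts, feed it the combined `helm template` output of the cert-manager chart and the application chart.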

Step 5: Deploy Your Application

Deploy your application using the modified Helm charts:

helm install my-app ./path/to/modified/helm/charts

Step 6: Verify

Verify that Cert-Manager has provisioned the TLS certificate from ZeroSSL and associated it with your Ingress resource:

kubectl describe certificate -n <namespace>

That's it! You've now successfully set up Cert-Manager with ZeroSSL as the certificate provider in your Azure Kubernetes Cluster and configured your application to use the TLS certificates.
