It's the successor of kube-lego (obtaining TLS certificates only from Let's Encrypt)
Cert-Manager is a very popular open source certificate management tool, specifically designed to work with Kubernetes. It can handle all the required operations for obtaining, renewing and using SSL/TLS certificates. Cert-Manager is able to talk with various certificate authorities (or CAs), like: Let’s Encrypt, HashiCorp Vault, and Venafi, and issue valid certificates for you automatically. On top of that, it can also take care of automatic certificate renewal before expiration.
task security:cert-manager-install## Deploy Self Signed Cluster Issuer
kubectl apply -f security/cert-manager/issuers/self.clusterissuer.yml## ClusterIssuer certificate request for our Nginx workload
kubectl apply -f security/cert-manager/nginx.certificate.yml
## Deploy Workload Nginx With TLS
kubectl apply -f security/cert-manager/nginx.ymlVisit this URL https://nginx-cert-manager.127.0.0.1.nip.io
⚠️ It's normal for the browser to raise an alert. The certificate is self-signed.
You can use others Issuers or CAs as Cluster Issuer, BUT you must have control of the DNS zone.
If you don't want to create the certificate yourself for the domains in the ingress resource, you can delegate this task to CertManager. Simply use the annotations provided for this purpose : this function is provided by a CertManager sub-component called ingress-shim
# Check that the certificate "nginx-cert-manager-ing-shim.127.0.0.1.nip.io-tls" has been created by ingress-shim
kubectl get certificateVisit this URL https://nginx-cert-manager-ing-shim.127.0.0.1.nip.io
task security:cert-manager-uninstall
kubectl delete -f security/cert-manager/self.clusterissuer.yml
kubectl delete -f security/cert-manager/nginx.certificate.yml
kubectl delete -f security/cert-manager/nginx.yml
kubectl delete secret/nginx-cert-manager.127.0.0.1.nip.io-tls