Cert Manager

Cert ManagerCert Manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.

Product: Cert Manager
Install Type: Helm (Chart)
Container Image: Red Hat

Installation Details

Cert Manager can be installed like any other Helm chart. While you may be able to skip thisi step, I do like to have a values.yaml for reference and to customize as needed. To generate that:

helm show values oci://registry-1.docker.io/bitnamicharts/cert-manager > values.yaml

The Artifact Hub page about the chart has some excellent examples for customizing your install and getting it to work with Let's Encrypt. Also, installation documentation at Cert Manager will also help. For example, you may wish to install the CRDs with the helm chart by editing the following line in values.yaml:

installCRDs: true

Once you have made your changes you can install Cert Manager with:

helm upgrade --install --namespace cert-manager --create-namespace \
        cert-manager oci://registry-1.docker.io/bitnamicharts/cert-manager -f values.yaml

Now that Cert Manager is installed, you can configure an ACME issuer like Let's Encrypt for your external facing web sites or Step CA for your internal facing web sites to provide TLS security for all of your web pages.