Now we are going to add cert-manager.
cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.
It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.
First we need to install the helm recipe:
helm install --name cert-manager stable/cert-manager --namespace cert-managerNow let's install clusterissuer:
ClusterIssuers are a resource type similar to issuers.
They are specified in exactly the same way, but they do not belong to a single namespace and can be referenced by Certificate resources from multiple different namespaces.
helm upgrade infra infra --set externalDns.enabled=true --set certManager.enabled=true --set email=${EMAIL} --set domainNamespace=${DOMAIN_NAMESPACE}Like always you can use the make command instead:
make install-cert-managerWe now finshed adding all of the infra parts to our cluster - good for us!!
Now every time we create an ingress with TLS and hosts the external dns will pick it up -> create a dns record -> then the cert manger will pick it up and add a TLS certifcate!
Step 8 - Create a secure domain