Helm/Cert Manager

helm repo add jetstack https://charts.jetstack.io helm repo update && helm repo list kubectl config get-contexts

Config

Config
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml" export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml" export KUBECONFIG="${HOME}/.kube/config"

Install

kubectl create ns cert-manager|true
kubectl get    ns|cert-manager

helm show values jetstack/cert-manager --version v1.15.1|less
helm show values jetstack/cert-manager --version v1.19.1|less

cat <<'YML' | \
helm -n=cert-manager upgrade --install cert-manager jetstack/cert-manager --version=v1.19.1 -f -
---
crds:
  enabled: true
ingressShim:
  defaultIssuerName: letsencrypt-prod
  defaultIssuerKind: ClusterIssuer
prometheus:
  enabled: false
webhook:
  timeoutSeconds: 30
YML

Uninstall

Uninstall
helm uninstall -n cert-manager cert-manager kubectl delete namespace cert-manager

Cluster Issuer » Let's Encrypt

cat <<'YML' | \
kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: tool.tech@shahed.biz
    privateKeySecretRef:
      name: letsencrypt-staging-ac-key
    solvers:
    - http01:
        ingress:
          class: nginx

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: tool.tech@shahed.biz
    privateKeySecretRef:
      name: letsencrypt-prod-ac-key
    solvers:
    - http01:
        ingress:
          class: nginx
YML

kubectl get clusterissuer
kubectl get clusterissuer letsencrypt-staging      -o=yaml|yq -P
kubectl get clusterissuer letsencrypt-prod         -o=yaml|yq -P

Cluster Issuer » Self Signed

cat <<'YML' | \
kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cert-signer
spec:
  selfSigned: {}
YML

kubectl get clusterissuer
kubectl get clusterissuer  selfsigned-cert-signer  -o=yaml|yq -P

Cert Manager » Webhook » Fixes

Cert Manager » Rollout

kubectl -n  cert-manager rollout restart deployment cert-manager
kubectl -n  cert-manager rollout restart deployment cert-manager-webhook
kubectl -n  cert-manager rollout restart deployment cert-manager-cainjector

kubectl -n  cert-manager delete  secret             cert-manager-webhook-ca
kubectl -n  cert-manager rollout restart deployment cert-manager-webhook
kubectl get ValidatingWebhookConfiguration          cert-manager-webhook

Playground

Playground
helm install -n cert-manager cert-manager jetstack/cert-manager --version v1.14.7 helm upgrade -n cert-manager -i cert-manager jetstack/cert-manager --version v1.15.1 helm show values jetstack/cert-manager --version v1.15.1\|less
export CERT_POD_NAME=$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=cert-manager' -o json\|jq -r '.items[0].metadata.name') export CA_POD_NAME=$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=cainjector' -o json\|jq -r '.items[0].metadata.name') export HOOK_POD_NAME=$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=webhook' -o json\|jq -r '.items[0].metadata.name') kubectl exec -n cert-manager -it svc/cert-manager-webhook -c cert-manager-webhook -- bash kubectl exec -n cert-manager -it svc/cert-manager -c cert-manager-controller -- bash kubectl exec -n cert-manager -it svc/cert-manager -c init -- bash kubectl -n cert-manager exec -it ${CERT_POD_NAME} -- bash
kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten kubectl config --kubeconfig=${HOME}/.kube/gcp-kubeconfig.yaml view --flatten kubectl config --kubeconfig=${HOME}/.kube/config view --flatten
kubectl delete all --all -n cert-manager kubectl delete ing --all -n cert-manager kubectl delete sts --all -n cert-manager	kubectl delete svc --all -n cert-manager kubectl delete pvc --all -n cert-manager kubectl delete pv --all -n cert-manager
kubectl rollout -n cert-manager history deploy cert-manager kubectl rollout -n cert-manager restart deploy cert-manager kubectl rollout -n cert-manager status deploy cert-manager	kubectl logs -n cert-manager -f ${CERT_POD_NAME} kubectl logs -n cert-manager -f ${HOOK_POD_NAME} kubectl logs -n cert-manager -f ${CA_POD_NAME}

References

References
Helm » Bitnami » Self Signed Certificates Helm » Bitnami » ACME TLS Certificates Helm » Pass YAML/JSON using `stdin` Helm » Prometheus Stack Helm » Cert Manager Helm
Cert Manager » Install & Automate The Renewal Cert Manager » Secure Your Ingress with TLS Cert Manager » Annotated Ingress resource Cert Manager » ACME » HTTP01 Cert Manager » ACME » DNS01 Cert Manager » SelfSigned Cert Manager » Issuers Cert Manager
K8s » Configure Service Accounts for Pods K8s » Restart Pods With Kubectl K8s » Interactive Pod K8s » Restart Pods Docker » Makefile Kubernetes Minikube Kubectl CURL K8s	K8s » OpenShift » Arbitrary User Ids K8s » Helm » Cert Manager » CLI K8s » Helm » Cert Manager K8s » `kubectl rollout`

Helm/Cert Manager

Contents

Config

Install

Uninstall

Cluster Issuer » Let's Encrypt

Cluster Issuer » Self Signed

Cert Manager » Webhook » Fixes

Playground

References

Navigation menu

Helm/Cert Manager

Config

Install

Uninstall

Cluster Issuer » Let's Encrypt

Cluster Issuer » Self Signed

Cert Manager » Webhook » Fixes

Playground

References

Navigation menu

Search