Skip to main content

Cert-Manager

Overview

Cert-Manager is available as an add-on within Ankra's platform, allowing you to automatically deploy and manage TLS certificates for your Kubernetes services. With Ankra’s integration, Cert-Manager can be installed into your cluster effortlessly through the platform’s user interface or via API, without the need for manual intervention.

Configuration Options

The Cert-Manager add-on offers configurable inputs that allow you to tailor the deployment to your specific requirements. The following inputs are available for configuration:

Inputs

  • Helm Chart Version
    This input defines the version of the Cert-Manager Helm chart that will be deployed.

    • Default: v1.15.3
    • Options:
      • v1.15.3 (default)

    Example:

    helm_chart_version: "v1.15.3"

  • Service Monitor Enabled
    This option controls whether the Prometheus service monitor is enabled for Cert-Manager. If you are using Prometheus (requires the Prometheus add-on), enabling this allows Cert-Manager to be monitored via Prometheus for health and metrics tracking.

    • Default: false
    • Options:
      • true
      • false (default)

    Example:

    service_monitor_enabled: "false"

Usage

Deploying Cert-Manager

To deploy Cert-Manager in your Kubernetes cluster using Ankra, follow these steps:

  1. Access the Add-ons Section
    In Ankra's platform, navigate to the Add-ons section and select Cert-Manager from the list of available add-ons.

  2. Configure Inputs
    You will be prompted to configure the available inputs for the add-on:

    • Helm Chart Version: Specify the desired version or leave it as default.
    • Service Monitor Enabled: If you are using Prometheus for monitoring, you can enable this option to track the health of Cert-Manager.

    Example inputs:

    helm_chart_version: "v1.15.3"
    service_monitor_enabled: "true"

  3. Using Cert Manager:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
    name: example-ingress
    namespace: default
    annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod"  # Specifies the Cert-Manager ClusterIssuer to use
        cert-manager.io/acme-challenge-type: "http01"  # Specifies the ACME challenge type (http01 for Let's Encrypt)
        cert-manager.io/issue-temporary-certificate: "true"  # Issues a temporary certificate while waiting for ACME challenge completion
    spec:
    tls:
    - hosts:
        - example.com
        secretName: example-tls
    rules:
    - host: example.com
        http:
        paths:
        - path: /
            pathType: Prefix
            backend:
            service:
                name: example-service
                port:
                number: 80