Deploying an HTTPS Website with Kubernetes, Istio, and cert-manager: Part 2

Cert-Manager

$ helm repo add jetstack https://charts.jetstack.io 
$ helm repo update
$ helm install cert-manager jetstack/cert-manager \
--namespace istio-system \
--set installCRDs=true
cert-manager has been deployed successfully!In order to begin issuing certificates, you will need to set up a ClusterIssuer or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).More information on the different types of issuers and how to configure them can be found in our documentation:https://cert-manager.io/docs/configuration/For information on how to configure cert-manager to automatically provision Certificates for Ingress resources, take a look at the `ingress-shim` documentation:https://cert-manager.io/docs/usage/ingress/

Issuer

my-issuer.yml
$ kubectl apply -f my-issuer.yml issuer.cert-manager.io/my-issuer created
$ kubectl -n istio-system get secrets NAME              TYPE    DATA  AGE 
[ ... ]
my-certificate-key Opaque 1 5s

Certificates

my-certificate.yml
$ nslookup YOURDOMAIN.COM Non-authoritative answer: 
Name: YOURDOMAIN.COM
Address: 34.123.203.201
$ kubectl apply -f my-certificate.yml certificate.cert-manager.io/my-cert created
$ kubectl get secret -n istio-system NAME              TYPE                DATA  AGE 
[ ... ]
my-certificate-key Opaque 1 17m
my-ingress-cert kubernetes.io/tls 2 15s

Gateways

my-gateway.yml
$ kubectl apply -f my-gateway.yml gateway.networking.istio.io/bookinfo-gateway-https created

Virtual Services

my-virtualservice.yml
$ kubectl apply -f my-virtualservice.yml virtualservice.networking.istio.io/bookinfo-virtualservice created

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store