Cert manager
Cert manager is a certificate controller for Kubernetes.
You can use it to issue and manage (renew, ...) X.509 certificates from certificate authorities by creating Kubernetes resources.
Installation
Generate your OVH API keys
Create an API token
- restrict the IP, if possible (not here)
- replace * with the domain
Then add them to a new .env file:
application_key=YOUR_APPLICATION_KEY_BASE64
application_secret=YOUR_APPLICATION_SECRET_BASE64
consumer_key=YOUR_CONSUMER_KEY_BASE64
Create the secret:
# Create the OVH secret using kustomize
kubectl apply -k .
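A pre-flight check for the .env file before the secret is created, as an added example that is not part of this repository: it confirms that the three keys listed above are set, that none still holds its template placeholder, and that the file is neither readable by other users nor tracked by git. The function name check_ovh_env and the choice of checks are assumptions.

```shell
#!/bin/sh
# Added example: validate the OVH .env file before `kubectl apply -k .`.
# Key names come from the page; check_ovh_env is a hypothetical helper name.

check_ovh_env() {
    env_file="${1:-.env}"
    rc=0

    [ -f "$env_file" ] || { echo "missing file: $env_file" >&2; return 1; }

    # Group and other permission bits must all be unset (for example mode 600).
    perms=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$env_file is accessible to group/other; run: chmod 600 $env_file" >&2
        rc=1
    fi

    for key in application_key application_secret consumer_key; do
        # Value of the first line that assigns this key.
        value=$(sed -n "s/^${key}=//p" "$env_file" | head -n 1)
        case "$value" in
            "")
                echo "$key is missing or empty" >&2; rc=1 ;;
            YOUR_*)
                echo "$key still holds the template placeholder" >&2; rc=1 ;;
            *[[:space:]]*)
                # Also catches a trailing carriage return from CRLF files.
                echo "$key contains whitespace" >&2; rc=1 ;;
        esac
    done

    # Refuse a file that git already tracks (only meaningful in a work tree).
    if command -v git >/dev/null 2>&1 &&
       git ls-files --error-unmatch "$env_file" >/dev/null 2>&1; then
        echo "$env_file is tracked by git; untrack it and rotate the keys" >&2
        rc=1
    fi

    return "$rc"
}
```

Call it as `check_ovh_env .env && kubectl apply -k .` so the secret is only created from a file that passes.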
Install the 2 Helm charts
Install cert-manager:
cd cluster/system/cert-manager/
helm install \
cert-manager oci://quay.io/jetstack/charts/cert-manager \
--version v1.18.2 \
--namespace cert-manager \
--create-namespace \
--set crds.enabled=true
Install ovh-webhook:
helm upgrade --install \
--namespace cert-manager \
-f ovh-webhook.values.yaml \
cm-webhook-ovh \
cert-manager-webhook-ovh-charts/cert-manager-webhook-ovh
# helm uninstall --namespace cert-manager cm-webhook-ovh
Test the install
You can create a self-signed certificate (to test cert-manager) and a Let's Encrypt staging certificate (to test ovh-webhook):
# Create the certificates
kubectl apply -f tests/self-signed-cert.yaml
kubectl apply -f test/staging-le-cert.yaml
# Verify your certificates
kubectl get cr,cert,ciss,issuers