cert-manager is the automate certificate management in cloud native environments. cert-manager builds on top of Kubernetes and OpenShift to provide X.509 certificates and issuers as first-class resource types.
This article is about how to use Pulumi, kubernetes (K8S) provider, Helm Chart and TypeScript SDK to deploy cert-manager within Kubernetes (K8S).
Provide ‘certificates as a service’ securely to developers and applications working within your cluster.
Supports Let’s Encrypt, HashiCorp Vault, Venafi and private PKI
Easy to use Kubernetes-native certificate management
Secure issuance of public and private certificates
Simple to extend, if you need more control
Actively developed, maintained and improved
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
See Getting started | Kubernetes - https://kubernetes.io/docs/setup/ to leanr more.
Pulumi is a modern infrastructure-as-code platform that allows you to use common programming languages, tools, and frameworks, to provision, update, and manage cloud infrastructure resources.
Install the Pulumi - https://www.pulumi.com/ CLI.
Mac OS X
brew install pulumi
See Download and Install | Pulumi - https://www.pulumi.com/docs/get-started/install/ to learn more about others OS.
Install Node.js - https://nodejs.org/en/ CLI.
Mac OS X
brew install node
See Node.js - https://nodejs.org/en/ to learn more about others OS.
Create the workspace directory.
mkdir -p col-example-pulumi-typescript-cert-manager
Pulumi login into local file system.
pulumi login file://.
Pulumi new a project with kubernetes-typescript SDK.
pulumi new kubernetes-typescript
The above command will create some files within the current directory.
tree . -L 1
js-yaml package to load and parse yaml file.
npm i js-yaml
By default, Pulumi will look for a kubeconfig file in the following locations, just like kubectl:
The environment variable:
Or in current user’s default kubeconfig directory:
If the kubeconfig file is not in either of these locations, Pulumi will not find it, and it will fail to authenticate against the cluster. Set one of these locations to a valid kubeconfig file, if you have not done so already.
Edit values.yaml and replace content within
See and modify main.ts file.
Run pulumi up to create the namespace and pods.
See pods about cert-manager.
kubectl get pods -n cert-manager
Destroy all resources created by Pulumi.