Skip to content

Latest commit

 

History

History
88 lines (54 loc) · 4.34 KB

obtaining-ssl-certificates-with-the-help-of-cluster-issuer.md

File metadata and controls

88 lines (54 loc) · 4.34 KB
Raw

Obtaining SSL certificates with the help of cluster-issuer

Pre-Reads

{% embed url="https://cert-manager.io/docs/" %}

Pre-requisites

  • DIGIT uses golang (required v1.13.3) automated scripts to deploy the builds onto Kubernetes - Linux or Windows or Mac.
  • kubectl is a CLI to connect to the kubernetes cluster from your machine
  • Install Visualstudio IDE Code for better code/configuration editing capabilities
  • All DIGIT services are packaged using helm charts Installing Helm
  • Git

What is Cert-manager

Cert-manager adds certificates and certificate issuers as a resource types in kubernetes cluster,and simplifies the process of obtaining, renewing and using those certificates. It will ensure certificates are valid and up-to-date, and attempt to renew certificates at a configured time before expiring.

What is SSL Certificate

SSL Certificate is a digital certificate that authenticates a website's identity and enables encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. SSL cetificates keeps internet connections secure and prevents criminals from reading or modifying information transferred between two systems.

  • Cert-Manager can issue certificates from a variety of supported sources, including Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI.
  • In eGov Organization we are using letsencrypt-prod,letsencrypt-staging as a certificate-issuer.
  • First, we have to clone DIGIT-DevOps repo.
$ git clone https://github.com/egovernments/DIGIT-DevOps.git
  • Check the cert-manager chart templates which contains yaml files of clusterissuer and clusterrole in the below link.

https://github.com/egovernments/DIGIT-DevOps/tree/release/config-as- code/helm/charts/backbone-services/cert-manager/templates

  • If we want to override any values in the chart. Open values.yaml and customize the chart.

https://github.com/egovernments/DIGIT-DevOps/blob/release/config-as-code/helm/charts/backbone-services/cert-manager/values.yaml

  • Open egov-demo template in the Visual Studio code.
$ code DIGIT-DevOps/config-as-code/environments/egov-demo.yaml
  • Check whether the below configurations is present in your environment file. If not add these configurations in your environment file.

Deploying cert-manager

Run the following command to deploy only the cert-manager.

$ cd DIGIT-DevOps/deploy-as-code/deployer
$ go run main.go -c -e egov-demo 'cert-manager'
  • After deploying check the certificate is issued or not using the below command. 
$ kubectl get certificates -n <namespace_name>
  • The following output will be displayed.

  • Once the certificate is issued we can see it in secrets.
$ kubectl get secrets
  • The following output will be displayed

  • To know about the cluster-issuers used in our deployement we can use the following command.
$ kubectl get clusterissuers
  • The following output will be displayed