cert-manager supports many issuing methods: Let's Encrypt is only one of them. To have Let’s Encrypt provide your certs, you need to create an Issuer (namespace-scoped) or a ClusterIssuer (cluster-wide) resource on Kubernetes.
First, set your email address in a variable (this is to get expiry notifications from Let's Encrypt, and is required by their Terms of Service):
export [email protected]
Then run this to deploy the Issuer manifests (the command below will populate your email address in the manifest file):
curl -sSL https://rawgit.com/ahmetb/gke-letsencrypt/master/yaml/letsencrypt-issuer.yaml | \
sed -e "s/email: ''/email: $EMAIL/g" | \
kubectl apply -f-
You will see output:
clusterissuer "letsencrypt-staging" created
clusterissuer "letsencrypt-prod" created
Let's Encrypt has both staging and production endpoints. You should use the staging environment to test the automation out. Once you get things working, you can switch to the production environment.
For this tutorial, we'll dive straight into using the letsencrypt-prod issuer.
Next: Deploy a sample web app on a domain name →