How to Install Cert Manager on Kubernetes

How to Install Cert Manager on Kubernetes

Securing communication over the internet is crucial, and Kubernetes, as a powerful container orchestration system, emphasizes the importance of robust security measures. One such essential component for ensuring secure communication within a Kubernetes cluster is Cert Manager. Cert Manager simplifies the management of TLS certificates, automating their issuance and renewal. In this guide, we will walk you through the step-by-step process of installing Cert Manager on Kubernetes, ensuring that your applications can communicate securely.


Before we begin, make sure you have the following prerequisites in place:

  1. A running Kubernetes cluster.
  2. kubectl command-line tool installed.
  3. Helm installed on your local machine.

Step 1: Install Helm on your local machine

Helm is a package manager for Kubernetes that simplifies the deployment and management of applications. If you haven't installed Helm yet, run the following commands:

curl -fsSL -o
chmod 700

Step 2: Deploy Cert Manager using Helm

Now that Helm is installed, we can use it to deploy Cert Manager on our Kubernetes cluster. Run the following commands:

kubectl create namespace cert-manager
helm repo add jetstack
helm repo update
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.5.3 \
--set installCRDs=true

These commands create a namespace for Cert Manager, add the Jetstack Helm repository, and install Cert Manager using Helm.

Step 3: Verify the installation

After the installation, you can verify that Cert Manager is running correctly by checking the pods in the cert-manager namespace:

kubectl get pods --namespace cert-manager

Ensure that all the Cert Manager pods are in the "Running" state.

Step 4: Create a ClusterIssuer

To enable Cert Manager to issue certificates, you need to create a ClusterIssuer resource. Below is an example YAML configuration for a Let's Encrypt ClusterIssuer:

kind: ClusterIssuer
name: letsencrypt
name: letsencrypt-private-key
- http01:
class: nginx

Adjust the email address and other parameters as needed, then apply the configuration:

kubectl apply -f your-clusterissuer-config.yaml

Step 5: Obtain a TLS certificate

Now that Cert Manager is set up, you can request a TLS certificate for your application. Create a Certificate resource:

kind: Certificate
name: example-tls
namespace: default
secretName: example-tls-secret
name: letsencrypt
kind: ClusterIssuer

Adjust the commonName and dnsNames fields, then apply the configuration:

kubectl apply -f your-certificate-config.yaml

Step 6: Verify the certificate issuance

Check the status of the Certificate resource to ensure that Cert Manager has successfully obtained and issued the TLS certificate:

kubectl get certificate example-tls -o yaml

Look for the status.conditions field; it should show that the certificate has been "Issued."

Congratulations! You have successfully installed Cert Manager on your Kubernetes cluster and obtained a TLS certificate for your application. This ensures secure communication, enhancing the overall security of your Kubernetes environment. As you continue to deploy and manage applications within your cluster, Cert Manager will play a crucial role in automating certificate management.

Related Searches and Questions asked:

  • How to Restart Kubernetes Pods with kubectl
  • Deploy Apache Kafka on Kubernetes
  • A Comprehensive Guide to Understanding Kubernetes Endpoints
  • Understanding Kubernetes Services and Labels
  • That's it for this topic, Hope this article is useful. Thanks for Visiting us.