Skip to content

Cert Manager

Installation

Add the Jetstack repository:

helm repo add jetstack https://charts.jetstack.io --force-update

Install with custom configuration from values.yaml:

helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --values values.yaml

ClusterIssuer (Let's Encrypt)

See the New Cluster Setup document for the full ClusterIssuer definition used in production.

The cluster uses two issuers: - letsencrypt-prod — production, with real certificates - letsencrypt-staging — for testing (certificates are not trusted by browsers)

For internal apps (managed by the zaroz-kubernetes repo), Cloudflare DNS-01 is used. Three issuers are defined: zaroz-cluster-issuer, stay-cluster-issuer, staytools-cluster-issuer.