{"id":337410,"date":"2021-09-10T15:27:19","date_gmt":"2021-09-10T12:27:19","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/"},"modified":"2021-09-10T15:27:19","modified_gmt":"2021-09-10T12:27:19","slug":"how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/","title":{"rendered":"#How to Install Kubernetes Cert-Manager and Configure Let\u2019s Encrypt \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a256fbeaaca6\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a256fbeaaca6\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Installing_Cert-Manager\" >Installing Cert-Manager<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Adding_the_Kubectl_Plugin\" >Adding the Kubectl Plugin<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Creating_a_Certificate_Issuer\" >Creating a Certificate Issuer<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Getting_a_Certificate\" >Getting a Certificate<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Using_Lets_Encrypt_in_Production\" >Using Let\u2019s Encrypt in Production<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Upgrading_Cert-Manager\" >Upgrading Cert-Manager<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt-cloudsavvy-it\/#Summary\" >Summary<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#How to Install Kubernetes Cert-Manager and Configure Let\u2019s Encrypt \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage aligncenter size-full wp-image-14070\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/ba65ab86.jpeg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/ba65ab86.jpeg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/ba65ab86.jpeg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Graphic showing the Cert-Manager logo\" width=\"1602\" height=\"902\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cert-manager.io\">Cert-Manager<\/a> automates the provisioning of certificates within Kubernetes clusters. It provides a set of custom resources to issue certificates and attach them to services.<\/p>\n<p>One of the most common use cases is securing web <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>s and APIs with SSL certificates from Let\u2019s Encrypt. Here\u2019s how to add Cert-Manager to your cluster, set up a Let\u2019s Encrypt certificate issuer, and acquire a certificate for Pods exposed via an Ingress.<\/p>\n<h2 id=\"installing-cert-manager\"><span class=\"ez-toc-section\" id=\"Installing_Cert-Manager\"><\/span>Installing Cert-Manager<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cert-Manager is easiest to install using Helm. Helm is a Kubernetes package manager which lets you add applications to your cluster using repositories of pre-built charts. Make sure you\u2019ve got Helm installed and setup with a connection to your Kubernetes cluster.<\/p>\n<p>Begin by adding the Jetstack repository to your Helm installation. Jetstack originally developed Cert-Manager before it was donated to the CNCF.<\/p>\n<pre>helm repo add jetstack https:\/\/charts.jetstack.io&#13;\nhelm repo update<\/pre>\n<p>Now install Cert-Manager into your cluster:<\/p>\n<pre>helm install cert-manager jetstack\/cert-manager --namespace cert-manager --create-namespace --version v1.5.3 --set installCRDs=true<\/pre>\n<p>Replace the version number shown above with the latest release shown in the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cert-manager.io\/docs\/installation\/helm\">Cert-Manager documentation<\/a>.<\/p>\n<p>The command will install Cert-Manager in a new Kubernetes namespace called <code>cert-manager<\/code>. The <code>installCRDs<\/code> setting will add Cert-Manager\u2019s custom Kubernetes resources during the installation. This only works with Helm version 3.2 and newer \u2013 if you\u2019re using an older version, you must manually add the resource definitions with Kubectl:<\/p>\n<pre>kubectl apply -f https:\/\/github.com\/jetstack\/cert-manager\/releases\/download\/v1.5.3\/cert-manager.crds.yaml<\/pre>\n<h2 id=\"adding-the-kubectl-plugin\"><span class=\"ez-toc-section\" id=\"Adding_the_Kubectl_Plugin\"><\/span>Adding the Kubectl Plugin<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cert-Manager has a Kubectl plugin which simplifies some common management tasks. It also lets you check whether Cert-Manager is up and ready to serve requests.<\/p>\n<p>Install the plugin by downloading its archive and extracting it to the correct directory:<\/p>\n<pre>curl -L -o kubectl-cert-manager.tar.gz https:\/\/github.com\/jetstack\/cert-manager\/releases\/latest\/download\/kubectl-cert_manager-linux-amd64.tar.gz&#13;\ntar xzf kubectl-cert-manager.tar.gz&#13;\nsudo mv kubectl-cert_manager \/usr\/local\/bin<\/pre>\n<p>Now use the plugin to check your Cert-Manager installation is working:<\/p>\n<pre>kubectl cert-manager check api<\/pre>\n<p>You should see the following output:<\/p>\n<pre>The cert-manager API is ready<\/pre>\n<p>Now you\u2019re ready to add an issuer to get certificates from Let\u2019s Encrypt.<\/p>\n<h2 id=\"creating-a-certificate-issuer\"><span class=\"ez-toc-section\" id=\"Creating_a_Certificate_Issuer\"><\/span>Creating a Certificate Issuer<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Issuers and cluster issuers are resources which supply certificates to your cluster. The basic Cert-Manager installation created so far is incapable of issuing certificates. Adding an issuer that\u2019s configured to use Let\u2019s Encrypt lets you dynamically acquire new certificates for services in your cluster.<\/p>\n<p>Create a YAML file in your working directory and name it <code>issuer.yml<\/code>. Add the following content:<\/p>\n<div class=\"wp-geshi-highlight-wrap5\">\n<div class=\"wp-geshi-highlight-wrap4\">\n<div class=\"wp-geshi-highlight-wrap3\">\n<div class=\"wp-geshi-highlight-wrap2\">\n<div class=\"wp-geshi-highlight-wrap\">\n<div class=\"wp-geshi-highlight\">\n<div class=\"yaml\">\n<pre class=\"de1\"><span class=\"co3\">apiVersion<\/span><span class=\"sy2\">: <\/span>cert-manager.io\/v1<span class=\"co3\">\nkind<\/span><span class=\"sy2\">: <\/span>ClusterIssuer<span class=\"co4\">\nmetadata<\/span>:<span class=\"co3\">\n  name<\/span><span class=\"sy2\">: <\/span>letsencrypt-staging<span class=\"co4\">\nspec<\/span>:<span class=\"co4\">\n  acme<\/span>:<span class=\"co3\">\n    server<\/span><span class=\"sy2\">: <\/span>https:\/\/acme-staging-v02.api.letsencrypt.org\/directory<span class=\"co3\">\n    email<\/span><span class=\"sy2\">: <\/span>example@example.com<span class=\"co4\">\n    privateKeySecretRef<\/span>:<span class=\"co3\">\n      name<\/span><span class=\"sy2\">: <\/span>letsencrypt-staging<span class=\"co4\">\n    solvers<\/span>:<span class=\"co4\">\n      - http01<\/span>:<span class=\"co4\">\n          ingress<\/span>:<span class=\"co3\">\n            class<\/span><span class=\"sy2\">: <\/span>nginx<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>You must replace the email address with your own contact email. This will be included in your certificates. Let\u2019s Encrypt may also email you at the address if it needs to send you alerts about your certificates.<\/p>\n<p>We\u2019re creating a <code>ClusterIssuer<\/code> as these are available to all resources in your cluster, irrespective of namespace. A standard <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.cert-manager.io\/en\/release-0.11\/reference\/issuers.html\"><code>Issuer<\/code><\/a> is a namespaced resource which can only supply certificates within its own namespace.<\/p>\n<p>Our issuer configuration instructs Cert-Manager to get certificates from the Let\u2019s Encrypt staging server. It\u2019s a good idea to use the staging environment while you\u2019re setting up your integration to avoid hitting Let\u2019s Encrypt\u2019s stringent production <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/letsencrypt.org\/docs\/rate-limits\">rate limits<\/a>.<\/p>\n<p>Use <code>kubectl<\/code> to add the issuer to your cluster:<\/p>\n<pre>kubectl create -f issuer.yml<\/pre>\n<h2 id=\"getting-a-certificate\"><span class=\"ez-toc-section\" id=\"Getting_a_Certificate\"><\/span>Getting a Certificate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Now you can use your issuer to acquire a certificate for a service exposed via an Ingress resource. Cert-Manager automatically monitors Ingress resources and creates certificates using the configuration in their <code>tls<\/code> field. You just need to add an annotation that names the issuer or cluster issuer you want to use.<\/p>\n<div class=\"wp-geshi-highlight-wrap5\">\n<div class=\"wp-geshi-highlight-wrap4\">\n<div class=\"wp-geshi-highlight-wrap3\">\n<div class=\"wp-geshi-highlight-wrap2\">\n<div class=\"wp-geshi-highlight-wrap\">\n<div class=\"wp-geshi-highlight\">\n<div class=\"yaml\">\n<pre class=\"de1\"><span class=\"co3\">apiVersion<\/span><span class=\"sy2\">: <\/span>apps\/v1<span class=\"co3\">\nkind<\/span><span class=\"sy2\">: <\/span>Deployment<span class=\"co4\">\nmetadata<\/span>:<span class=\"co3\">\n  name<\/span><span class=\"sy2\">: <\/span>my-app<span class=\"co4\">\nspec<\/span>:<span class=\"co3\">\n  replicas<\/span><span class=\"sy2\">: <\/span>1<span class=\"co4\">\n  selector<\/span>:<span class=\"co4\">\n    matchLabels<\/span>:<span class=\"co3\">\n      app<\/span><span class=\"sy2\">: <\/span>my-app<span class=\"co4\">\n  template<\/span>:<span class=\"co4\">\n    metadata<\/span>:<span class=\"co4\">\n      labels<\/span>:<span class=\"co3\">\n        app<\/span><span class=\"sy2\">: <\/span>my-app<span class=\"co4\">\n    spec<\/span>:<span class=\"co4\">\n      containers<\/span>:<span class=\"co3\">\n        - name<\/span><span class=\"sy2\">: <\/span>my-app<span class=\"co3\">\n          image<\/span><span class=\"sy2\">: <\/span>wordpress:latest<span class=\"co4\">\n          ports<\/span>:<span class=\"co3\">\n            - containerPort<\/span><span class=\"sy2\">: <\/span>80\n\u00a0\n<span class=\"sy1\">---<\/span>\n<span class=\"co3\">\napiVersion<\/span><span class=\"sy2\">: <\/span>v1<span class=\"co3\">\nkind<\/span><span class=\"sy2\">: <\/span>Service<span class=\"co4\">\nmetadata<\/span>:<span class=\"co3\">\n  name<\/span><span class=\"sy2\">: <\/span>my-service<span class=\"co4\">\nspec<\/span>:<span class=\"co4\">\n  selector<\/span>:<span class=\"co3\">\n    app<\/span><span class=\"sy2\">: <\/span>my-app<span class=\"co4\">\n  ports<\/span>:<span class=\"co3\">\n    port<\/span><span class=\"sy2\">: <\/span>80\n\u00a0\n<span class=\"sy1\">---<\/span>\n<span class=\"co3\">\napiVersion<\/span><span class=\"sy2\">: <\/span>networking.k8s.io\/v1beta1<span class=\"co3\">\nkind<\/span><span class=\"sy2\">: <\/span>Ingress<span class=\"co4\">\nmetadata<\/span>:<span class=\"co3\">\n  name<\/span><span class=\"sy2\">: <\/span>my-ingress<span class=\"co4\">\n  annotations<\/span>:<span class=\"co3\">\n    kubernetes.io\/ingress.class<\/span><span class=\"sy2\">: <\/span>nginx<span class=\"co3\">\n    cert-manager.io\/cluster-issuer<\/span><span class=\"sy2\">: <\/span>letsencrypt-staging<span class=\"co4\">\nspec<\/span>:<span class=\"co4\">\n  rules<\/span>:<span class=\"co3\">\n    - host<\/span><span class=\"sy2\">: <\/span>example.com<span class=\"co4\">\n      http<\/span>:<span class=\"co4\">\n        paths<\/span>:<span class=\"co3\">\n          - path<\/span><span class=\"sy2\">: <\/span>\/<span class=\"co4\">\n            backend<\/span>:<span class=\"co3\">\n              serviceName<\/span><span class=\"sy2\">: <\/span>my-service<span class=\"co3\">\n              servicePort<\/span><span class=\"sy2\">: <\/span>80<span class=\"co4\">\n  tls<\/span>:<span class=\"co4\">\n    - hosts<\/span><span class=\"sy2\">:\n<\/span>      - example.com<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>This YAML file defines a Pod, a Service, and an Ingress exposing the service. It assumes use of <code>nginx-ingress<\/code> as the Ingress controller. The Pod runs a WordPress container which will be accessible over HTTPS at <code>example.com<\/code>.<\/p>\n<p>The presence of the <code>cert-manager.io\/cluster-issuer<\/code> annotation in the Ingress resource will be detected by Cert-Manager. It\u2019ll use the <code>letsencrypt-staging<\/code> cluster issuer created earlier to acquire a certificate covering the hostnames defined in the Ingress\u2019 <code>tls.hosts<\/code> field.<\/p>\n<h2 id=\"using-lets-encrypt-in-production\"><span class=\"ez-toc-section\" id=\"Using_Lets_Encrypt_in_Production\"><\/span>Using Let\u2019s Encrypt in Production<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Once you\u2019ve successfully acquired a staging certificate, you can migrate to the Let\u2019s Encrypt production servers. Staging certificates are valid but not trusted by browsers so you must get a production replacement before putting your site live.<\/p>\n<p>It\u2019s best to add a separate cluster issuer for the production server. You can then reference the appropriate issuer in each of your Ingress resources, depending on whether they\u2019re production-ready.<\/p>\n<p>Copy the issuer configuration shown above and change the <code>name<\/code> fields to <code>letsencrypt-production<\/code>. Next, replace the server URL with the value shown below:<\/p>\n<pre>https:\/\/acme-v02.api.letsencrypt.org\/directory<\/pre>\n<p>Create the new issuer in your cluster:<\/p>\n<pre>kubectl create -f issuer-production.yml<\/pre>\n<p>Update your Ingress resource to request a production certificate by changing the value of the <code>cert-manager.io\/cluster-issuer<\/code> annotation to <code>letsencrypt-production<\/code> (or the name you assigned to your own production issuer). Use <code>kubectl<\/code> to apply the change:<\/p>\n<pre>kubectl apply -f my-ingress.yaml<\/pre>\n<p>You should now have fully functioning HTTPS enabled for your Ingress resource. Cert-Manager will automatically manage your certificates and renew them before they expire.<\/p>\n<h2 id=\"upgrading-cert-manager\"><span class=\"ez-toc-section\" id=\"Upgrading_Cert-Manager\"><\/span>Upgrading Cert-Manager<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cert-Manager releases usually support in-place upgrades with Helm:<\/p>\n<pre>helm repo update&#13;\nhelm upgrade --version &lt;new version&gt; cert-manager jetstack\/cert-manager<\/pre>\n<p>Certificates remain available during upgrades but the renewal process will be halted.<\/p>\n<p>Although upgrades are now normally straightforward, you should always review the release notes to identify potential changes you need to make. This is particularly important if you\u2019re upgrading Kubernetes or moving through several Cert-Manager versions. If you\u2019re still using an older Kubernetes release, you might be on an obsolete Cert-Manager version that requires <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cert-manager.io\/docs\/installation\/upgrading\/upgrading-0.10-0.11\">significant manual intervention<\/a> to bring up to date.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let\u2019s Encrypt is easily added to a Kubernetes cluster using Cert-Manager. You need to install Cert-Manager with Helm, create an issuer that uses the Let\u2019s Encrypt API, then reference that issuer in your Ingress resources.<\/p>\n<p>You can supply Cert-Manager with your own configuration for more advanced use cases. You can specify a certificate lifetime (use the <code>cert-manager.io\/duration<\/code> Ingress annotation), manually declare the certificate\u2019s common name (<code>cert-manager.io\/common-name<\/code>), and use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cert-manager.io\/docs\/configuration\/acme\/dns01\">DNS challenges<\/a> instead of HTTP. The latter option can be useful in specific scenarios, such as when you want to acquire a wildcard certificate.<\/p>\n<p>Straightforward usage to protect web apps and APIs should work as-is using the resources shown above. HTTP verification works by manipulating the Ingress controller to provide a temporary <code>.well-known<\/code> URL that Let\u2019s Encrypt can access. If your domain provides the correct value at that URL, Let\u2019s Encrypt trusts you\u2019re in control and issues the certificate.\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/14069\/how-to-install-kubernetes-cert-manager-and-configure-lets-encrypt\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Install Kubernetes Cert-Manager and Configure Let\u2019s Encrypt \u2013 CloudSavvy IT&#8221; Cert-Manager automates the provisioning of certificates within Kubernetes clusters. It provides a set of custom resources to issue certificates and attach them to services. One of the most common use cases is securing web apps and APIs with SSL certificates from Let\u2019s Encrypt&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":337411,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/ba65ab86.jpeg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-337410","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/337410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=337410"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/337410\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/337411"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=337410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=337410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=337410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}