cert-manager.sh
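#!/bin/bash
### Deploying Cert-Manager on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://cert-manager.io/docs/installation/helm/
# Type of Deployment: Helm
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## No Vault script installation (Vault script deploys cert-manager, although it won't hurt to deploy both)
## curl, and kubectl already pointed at the target cluster
#
# Abort on the first failing step, on unset variables and on failed pipeline
# stages, so a broken download or install never falls through to later steps.
set -euo pipefail

# Scratch files (installer, values file, manifests) go into a private 0700
# directory instead of fixed names in the current directory, and are removed
# on every exit path.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir:?}"' EXIT

## The following base packages are required:
# Helm, Package Manager
# The installer is fetched from the mutable "main" branch and executed with
# this script's privileges, so it is only downloaded when helm is missing.
# For controlled environments, review the installer or install Helm from a
# pinned, verified release instead.
if ! command -v helm >/dev/null 2>&1; then
  curl -fsSL -o "${workdir}/get_helm.sh" \
    https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  chmod 700 "${workdir}/get_helm.sh"
  "${workdir}/get_helm.sh"
fi

### Installation ###
# Add the Helm Chart
helm repo add jetstack https://charts.jetstack.io
helm repo update

# Create custom values file for Cert-Manager
# Helm Chart Values Cert-Manager: https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
# The "\," escape is only needed with `helm --set`; in a values file it would
# be written out literally and leave a stray backslash on the first resolver
# address, so the list is written with a plain comma here.
# NOTE: DNS01 self-checks will query these public resolvers; egress to them
# on port 53 must be allowed.
cat <<'EOF' >"${workdir}/certmanager-values.yaml"
installCRDs: true
extraArgs:
  - --dns01-recursive-nameservers-only
  - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
EOF

# Install the Helm Chart for Cert-Manager
# --wait blocks until the release's workloads are ready, so the issuer
# manifests below are not applied before the cert-manager webhook can serve.
helm install cert-manager jetstack/cert-manager \
  -f "${workdir}/certmanager-values.yaml" \
  --namespace cert-manager --create-namespace \
  --version v1.6.0 \
  --wait

# Creating a Self Signed issuer (Can be used to bootstrap a CA infrastructure)
# - ClusterIssuer is cluster-scoped, so it carries no namespace.
# - The CA key pair is stored in Secret "root-secret" in the cert-manager
#   namespace; read access to that Secret is the ability to mint certificates
#   under this CA, so restrict it accordingly.
# - "my-ca-issuer" is a namespaced Issuer and therefore only serves
#   Certificates in the cert-manager namespace.
cat <<'EOF' >"${workdir}/cmself-signed.yaml"
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-selfsigned-ca
  namespace: cert-manager
spec:
  isCA: true
  commonName: my-selfsigned-ca
  secretName: root-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: my-ca-issuer
  namespace: cert-manager
spec:
  ca:
    secretName: root-secret
EOF

# Apply the Issuer
kubectl apply -f "${workdir}/cmself-signed.yaml"

# Cleanup is handled by the EXIT trap, which removes the scratch directory.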