A collection of issuers for cert-manager, used by the Kadras platform to support TLS via a private CA or Let's Encrypt.

kadras-io/cert-manager-issuers

cert-manager-issuers

Badges: Test Workflow · Release Workflow · SLSA Level 3 · Apache 2.0 license

A Carvel package providing a collection of issuers for cert-manager, used by the Kadras platform to support TLS via a private CA or Let's Encrypt.

🚀  Getting Started

Prerequisites

  • Kubernetes 1.28+

  • Carvel kctrl CLI.

  • Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel kapp (recommended choice) or kubectl.

    kapp deploy -a kapp-controller -y \
      -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml

Dependencies

cert-manager-issuers requires the cert-manager package. You can install it from the Kadras package repository.

Installation

Add the Kadras package repository to your Kubernetes cluster:

kctrl package repository add -r kadras-packages \
  --url ghcr.io/kadras-io/kadras-packages \
  -n kadras-system --create-namespace

Installation without package repository

The recommended way of installing the cert-manager-issuers package is via the Kadras package repository. If you prefer not to use the repository, you can add the package definition directly using kapp or kubectl.

kubectl create namespace kadras-system
kapp deploy -a cert-manager-issuers-package -n kadras-system -y \
  -f https://github.com/kadras-io/cert-manager-issuers/releases/latest/download/metadata.yml \
  -f https://github.com/kadras-io/cert-manager-issuers/releases/latest/download/package.yml

Install the cert-manager-issuers package:

kctrl package install -i cert-manager-issuers \
  -p cert-manager-issuers.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-system

Note: You can find the ${VERSION} value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.

kctrl package available list -p cert-manager-issuers.packages.kadras.io -n kadras-system

Verify the installed packages and their status:

kctrl package installed list -n kadras-system

📙  Documentation

Documentation, tutorials and examples for this package are available in the docs folder. For documentation specific to cert-manager, check out cert-manager.io.

🎯  Configuration

The cert-manager-issuers package can be customized via a values.yml file.

letsencrypt:
  include: true
  email: [email protected]

Reference the values.yml file from the kctrl command when installing or upgrading the package.

kctrl package install -i cert-manager-issuers \
  -p cert-manager-issuers.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-system \
  --values-file values.yml

Values

The cert-manager-issuers package has the following configurable properties.

Configurable properties

| Config | Default | Description |
|--------|---------|-------------|
| namespace | cert-manager | The namespace where cert-manager is deployed. |
| letsencrypt.include | false | Whether to include a ClusterIssuer for Let's Encrypt. |
| letsencrypt.staging | true | Whether to use Let's Encrypt staging, recommended for non-production environments. |
| letsencrypt.email | "" | The email address that Let's Encrypt will use to send info on expiring certificates or other issues. |
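
A pre-install check for the values.yml described under Configuration, resolving unset keys to the defaults listed in the properties table. This is an added example, not part of the project: the helper names `le_value` and `check_values`, the sample email and the rule that an empty email is rejected are assumptions, and the awk parsing only handles the flat layout shown in this README.

```shell
#!/bin/sh
# Pre-flight check for a cert-manager-issuers values.yml (added example).
# Assumption: the file uses the flat two-level layout shown in this README;
# this is not a general YAML parser.

# Print the value of letsencrypt.<key> from file $1, or the default $3.
le_value() {
  awk -v key="$2" -v def="$3" '
    /^[^ #]/ { in_le = ($0 ~ /^letsencrypt:/) }   # track the top-level section
    in_le && $1 == (key ":") {
      sub(/^[ \t]*[^:]+:[ \t]*/, "")              # drop "  key: "
      sub(/[ \t]+#.*$/, "")                       # drop a trailing comment
      gsub(/^"|"$/, "")                           # drop surrounding quotes
      val = $0; found = 1
    }
    END { print (found ? val : def) }
  ' "$1"
}

# Echo the effective Let's Encrypt mode: disabled, staging or production.
# Returns non-zero when the issuer is enabled without a contact email
# (a policy of this check, not a rule enforced by the package).
check_values() {
  include=$(le_value "$1" include false)   # defaults from the README table
  staging=$(le_value "$1" staging true)
  email=$(le_value "$1" email "")
  if [ "$include" != "true" ]; then
    echo "disabled"; return 0
  fi
  if [ -z "$email" ]; then
    echo "error: letsencrypt.email is empty" >&2; return 1
  fi
  # staging defaults to true, so only an explicit "false" selects production.
  if [ "$staging" = "false" ]; then echo "production"; else echo "staging"; fi
}

# Constructed sample mirroring the README's values.yml (placeholder email).
sample=$(mktemp)
printf 'letsencrypt:\n  include: true\n  email: ops@example.com\n' > "$sample"
echo "README-style values resolve to: $(check_values "$sample")"
rm -f "$sample"
```

Because letsencrypt.staging defaults to true, a values file that sets only include and email yields a staging issuer; set staging: false explicitly when publicly trusted certificates are required.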

🛡️  Security

The security process for reporting vulnerabilities is described in SECURITY.md.

🖊️  License

This project is licensed under the Apache License 2.0. See LICENSE for more information.