Obtaining SSL certificates with the help of cluster-issuer

Pre-Reads

cert-managercert-manager

Pre-requisites

• DIGIT uses golang (required v1.13.3) automated scripts to deploy the builds onto Kubernetes - Linux or Windows or Mac.

• kubectl is a CLI to connect to the kubernetes cluster from your machine

• Install Visualstudio IDE Code for better code/configuration editing capabilities

• All DIGIT services are packaged using helm charts Installing Helm

• Git

What is Cert-manager

Cert-manager adds certificates and certificate issuers as a resource types in kubernetes cluster,and simplifies the process of obtaining, renewing and using those certificates. It will ensure certificates are valid and up-to-date, and attempt to renew certificates at a configured time before expiring.

What is SSL Certificate

SSL Certificate is a digital certificate that authenticates a website's identity and enables encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. SSL cetificates keeps internet connections secure and prevents criminals from reading or modifying information transferred between two systems.

• Cert-Manager can issue certificates from a variety of supported sources, including Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI.

• In eGov Organization we are using letsencrypt-prod,letsencrypt-staging as a certificate-issuer.

• First, we have to clone DIGIT-DevOps repo.

• Check the cert-manager chart templates which contains yaml files of clusterissuer and clusterrole in the below link.

https://github.com/egovernments/DIGIT-DevOps/tree/release/config-as- code/helm/charts/backbone-services/cert-manager/templates

• If we want to override any values in the chart. Open values.yaml and customize the chart.

https://github.com/egovernments/DIGIT-DevOps/blob/release/config-as-code/helm/charts/backbone-services/cert-manager/values.yaml

• Open egov-demo template in the Visual Studio code.

• Check whether the below configurations is present in your environment file. If not add these configurations in your environment file.

Deploying cert-manager

Run the following command to deploy only the cert-manager.

• After deploying check the certificate is issued or not using the below command.

• The following output will be displayed.

• Once the certificate is issued we can see it in secrets.

• The following output will be displayed

• To know about the cluster-issuers used in our deployement we can use the following command.

• The following output will be displayed