What Is cert-manager?
cert-manager is a Kubernetes add-on that automates the creation, renewal, and management of TLS certificates. It integrates with Let's Encrypt to provide free SSL certificates for services running on your Breeze.
Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yamlWait for all pods to be ready:
kubectl get pods -n cert-manager --watchCreate a ClusterIssuer
This configures Let's Encrypt as the certificate authority:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: you@yourdomain.com
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: nginxkubectl apply -f cluster-issuer.yamlAdd TLS to an Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
tls:
- hosts:
- app.yourdomain.com
secretName: app-tls-secret
rules:
- host: app.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-app-svc
port:
number: 80Verify Certificate
kubectl get certificate
kubectl describe certificate app-tls-secretTroubleshooting
- Check cert-manager logs:
kubectl logs -n cert-manager deploy/cert-manager - Inspect challenges:
kubectl get challenges - Ensure port 80 is accessible for HTTP-01 validation
cert-manager handles renewals automatically, so your Breeze services stay secured without manual intervention.