Getting cert-manager right from the start saves hours of debugging later. In this comprehensive guide, we'll cover everything from initial setup to production-ready configuration, including TLS and Let's Encrypt considerations.
Prerequisites
- kubectl installed on your local machine
- Root or sudo access to the server
- A running Kubernetes cluster (K3s or similar)
Deploying the Application
It's recommended to test this configuration in a staging environment before deploying to production. This helps identify potential compatibility issues and allows you to benchmark performance differences.
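```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cert-manager-app
  labels:
    app: cert-manager
spec:
  replicas: 2                  # two pods for redundancy
  selector:
    matchLabels:
      app: cert-manager        # must match the pod template labels below
  template:
    metadata:
      labels:
        app: cert-manager
    spec:
      containers:
        - name: cert-manager
          # :latest is a mutable tag; pin a specific version or digest in production
          image: cert-manager:latest
          ports:
            - containerPort: 8080
          resources:
            requests:          # what the scheduler reserves for each pod
              memory: "128Mi"
              cpu: "250m"
            limits:            # hard ceiling; a container exceeding the memory limit is OOM-killed
              memory: "256Mi"
              cpu: "500m"
```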
The configuration above sets the recommended values for a VPS with 2-4GB of RAM. Adjust the memory-related settings proportionally if your server has different specifications.
- Enable automatic security updates for critical patches
- Review log files weekly for anomalies
- Test your backup restore procedure monthly
Configuring Services and Ingress
For production deployments, consider implementing high availability by running multiple instances behind a load balancer. This approach provides both redundancy and improved performance under heavy load.
```bash
# Apply the configuration
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml

# Verify the deployment
kubectl get pods -l app=cert-manager
kubectl describe deployment cert-manager-app
kubectl logs -f deployment/cert-manager-app
```
Each line in the configuration serves a specific purpose. The comments explain the reasoning behind each setting, making it easier to customize for your specific use case.
- Enable firewall and allow only necessary ports
- Use strong, unique passwords for all services
- Set up fail2ban for brute force protection
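The `service.yaml` applied above is not shown on this page. The following is an added example, not the author's file: a Service matching the Deployment's labels and port, a cert-manager ClusterIssuer pointed at the Let's Encrypt staging endpoint, and an Ingress that requests a certificate from it. The hostname, e-mail address, resource names and the `traefik` ingress class (the K3s default) are assumptions.

```yaml
# service.yaml (added example; hostname, e-mail and resource names are placeholders)
apiVersion: v1
kind: Service
metadata:
  name: cert-manager-app
spec:
  selector:
    app: cert-manager                  # matches the Deployment's pod labels
  ports:
    - port: 80
      targetPort: 8080                 # containerPort from deployment.yaml
---
# Staging issuer: certificates are not browser-trusted, but rate limits are
# generous, so failed challenges while testing do not burn the production quota.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com           # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-staging-account-key   # ACME account key is stored in this Secret
    solvers:
      - http01:
          ingress:
            ingressClassName: traefik  # assumption: K3s default ingress controller
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cert-manager-app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  ingressClassName: traefik
  tls:
    - hosts: [app.example.com]
      secretName: cert-manager-app-tls # cert-manager writes the issued certificate here
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: cert-manager-app
                port:
                  number: 80
```

Once issuance succeeds against staging, create a second issuer whose `server` is `https://acme-v02.api.letsencrypt.org/directory` and point the Ingress annotation at it.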
Common Issues and Solutions
- High memory usage: Review the configuration for memory-related settings. Reduce worker counts or buffer sizes if running on a low-RAM VPS.
- Permission denied errors: Ensure files and directories have the correct ownership. Use `chown -R` to fix ownership and `chmod` for permissions.
Next Steps
With cert-manager now set up and running, consider implementing monitoring to track performance metrics over time. Regularly review your configuration as your workload changes and scale resources accordingly.