Automatically manage Certificates in VKS with Nginx Ingress Controller, Cert-Manager, and Let's Encr

Necessary conditions

  • You have initialized the Cluster on the VKS system according to the instructions here and the VNGCloud LoadBalancer Controller has been installed on your cluster .

  • Next, make sure you have a domain registered and in use.

  • Finally, you need an email address to perform the Certificate management test.

  • Next, you need to install nginx-ingress-controller with the command:

helm install nginx-ingress-controller oci://ghcr.io/nginxinc/charts/nginx-ingress --namespace kube-system

Install Cert-Manager

Cert-Manager is responsible for automatically issuing and renewing certificates from Let's Encrypt.

  • Use Helm to install Cert-Manager via command:

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.16.2 \
  --set crds.enabled=true

Steps to follow

Deploy sample app

Let's deploy a sample app, for example:

Issuer Configuration

Issuer is the component that helps Cert-Manager communicate with Let's Encrypt to issue certificates.

Testing on STAGING environment

  1. Create file letsencrypt-issuer.yaml:

  2. Create Issuer on VKS cluster via command:

  3. Check Issuer via command:

  4. The results returned are as follows:

  5. Continue to deploy ingress, change your domain in the yaml file below:

  6. Check certificate via command:

  7. Check certificate details:

  8. Check connection to domain via command:

  9. You can also delete test resources via the command:

Execute on PRODUCTION environment

  1. Create file letsencrypt-issuer.yaml:

  2. Create Issuer on VKS cluster via command:

  3. Check Issuer via command:

  4. Continue to deploy ingress, change your domain in the yaml file below:

PreviousExpose a service through vLB Layer7NextPreserve Source IP when using NLB and Nginx LoadBalancer Controller

Last updated