Letsencrypt certificate with cert-manager for EKS cluster
This article is for people who are working with an AWS EKS cluster.
Prerequisites
- EKS Cluster.
- Permission to create an IAM role.
1. Deploy cert-manager
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml
2. Create IAM Policy
Copy the policy from here
3. Create an IAM Role
Get the OIDC provider id (oidc_id)
Run the following commands from the machine where kubectl and the AWS CLI are configured:
oidc_id=$(aws eks describe-cluster --name <clustername> --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4
Copy the trust policy from here and create the role with it.
4. Create Cluster Issuer
kubectl apply -f cluster-issuer.yaml
5. Generate the certificate
kubectl apply -f certificate.yaml
It will take about 5 minutes to generate the certificate.
If the staging certificate is issued successfully, replace the ACME staging URL with the production URL in the cluster issuer.
Replace this -> server: https://acme-staging-v02.api.letsencrypt.org/directory
With this -> server: https://acme-v02.api.letsencrypt.org/directory
Apply the cluster issuer again; after about 5 minutes your production certificate will be ready.
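The whole procedure above, as one added example script (it is not part of the original article and not cert-manager's or AWS's own tooling). It assumes the cluster issuer uses the Route 53 DNS-01 solver, which is the reason the IRSA role is needed; that cert-manager runs as the cert-manager service account in the cert-manager namespace, as the v1.5.4 manifest installs it; and that the account id, region, hosted zone id, role name, e-mail address and the ARN of the IAM policy created in step 2 are supplied by the caller. The pure helpers (OIDC id extraction, trust policy, manifests) run offline; only apply_all and check_certificate talk to AWS and the cluster.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Placeholders: account id, region, zone id,
# role name, policy ARN and e-mail are all caller-supplied.
set -eu

# Step 3: the OIDC provider id is the last path segment of the cluster's issuer URL
# (the same cut -d '/' -f 5 the article uses).
oidc_id_from_issuer() {
  printf '%s\n' "$1" | cut -d '/' -f 5
}

# IRSA trust policy: only the cert-manager service account in the cert-manager
# namespace may assume the role, and only through this cluster's OIDC provider.
trust_policy() {
  local account_id=$1 region=$2 oidc_id=$3
  local provider="oidc.eks.${region}.amazonaws.com/id/${oidc_id}"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Federated": "arn:aws:iam::${account_id}:oidc-provider/${provider}" },
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": { "StringEquals": { "${provider}:sub": "system:serviceaccount:cert-manager:cert-manager" } }
  }]
}
EOF
}

# Steps 4 and 5: the ACME server is the only difference between staging and production.
acme_server() {
  case "$1" in
    staging) echo "https://acme-staging-v02.api.letsencrypt.org/directory" ;;
    prod)    echo "https://acme-v02.api.letsencrypt.org/directory" ;;
    *)       echo "usage: acme_server staging|prod" >&2; return 1 ;;
  esac
}

# ClusterIssuer with the Route 53 DNS-01 solver (assumed solver; see lead-in).
cluster_issuer() {
  local env=$1 email=$2 region=$3 zone_id=$4
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-${env}
spec:
  acme:
    server: $(acme_server "$env")
    email: ${email}
    privateKeySecretRef:
      name: letsencrypt-${env}-account-key
    solvers:
    - dns01:
        route53:
          region: ${region}
          hostedZoneID: ${zone_id}
EOF
}

# Certificate that references the issuer; the signed cert lands in <name>-tls.
certificate() {
  local env=$1 name=$2 ns=$3 dns=$4
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ${name}
  namespace: ${ns}
spec:
  secretName: ${name}-tls
  issuerRef:
    name: letsencrypt-${env}
    kind: ClusterIssuer
  dnsNames:
  - ${dns}
EOF
}

# Live wiring of steps 1-4 (needs aws and kubectl configured for the cluster).
apply_all() {
  local cluster=$1 account_id=$2 region=$3 role=$4 policy_arn=$5 zone_id=$6 email=$7 env=$8
  local issuer oidc
  kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml
  issuer=$(aws eks describe-cluster --name "$cluster" --query "cluster.identity.oidc.issuer" --output text)
  oidc=$(oidc_id_from_issuer "$issuer")
  trust_policy "$account_id" "$region" "$oidc" > trust.json
  aws iam create-role --role-name "$role" --assume-role-policy-document file://trust.json
  aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn"
  # Bind the role to cert-manager's service account and restart so the pods mount the token.
  kubectl -n cert-manager annotate serviceaccount cert-manager \
    "eks.amazonaws.com/role-arn=arn:aws:iam::${account_id}:role/${role}" --overwrite
  kubectl -n cert-manager rollout restart deployment cert-manager
  cluster_issuer "$env" "$email" "$region" "$zone_id" | kubectl apply -f -
}

# Troubleshooting: certificate status/events plus the cert-manager controller log.
check_certificate() {
  kubectl -n "$2" describe certificate "$1"
  kubectl -n cert-manager logs deploy/cert-manager --tail=100
}
```

Usage: `apply_all my-cluster 123456789012 us-east-1 cert-manager-route53 arn:aws:iam::123456789012:policy/cert-manager-route53 Z0123456789 ops@example.com staging`, then `certificate staging web default www.example.com | kubectl apply -f -`; once the staging certificate is Ready, rerun the last two lines with `prod`, which is exactly the server swap the article describes. Keeping the ACME account key secret name per environment avoids reusing the staging account with the production directory.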
For troubleshooting, check these docs.
Also check the cert-manager pod logs when troubleshooting.