cert-manager stands out among open source tools for managing TLS certificates and issuers on Kubernetes: it is well documented, offers several installation options, exposes clear status on every resource and integrates with most certificate authorities and DNS providers. Its CRDs cover both the same-account and the cross-account AWS case directly, so requesting certificates and managing the ones already issued becomes straightforward.
In this post we will issue ACME certificates (Let's Encrypt) using the DNS01 challenge, with the Route 53 hosted zone living in a different AWS account from the EKS cluster.
Before setting anything up we need to be clear about which account does what:
ACCOUNT X — EKS SETUP (the cluster where cert-manager runs)
ACCOUNT Y — ROUTE 53 (the hosted zone where the DNS01 TXT records are written)
NOTE: In the same-account case, cert-manager's ServiceAccount can call AWS directly by exchanging its projected OIDC token for an IAM role (IRSA). The cross-account case keeps that IRSA role in Account X and adds an sts:AssumeRole into a role in Account Y that owns the Route 53 permissions.
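The following manifest is an added example, not code from the original post or from the cert-manager project. It wires the two accounts together: the cert-manager ServiceAccount in Account X carries the IRSA annotation, and the ClusterIssuer uses the route53 solver's `role` field to assume a role in Account Y. All account IDs, role names, the hosted zone ID and the domain `example.com` are placeholders; the IAM roles and trust policies are assumed to exist as described in the comments (if cert-manager is installed with Helm, set the annotation via `serviceAccount.annotations` instead of applying a separate ServiceAccount).

```yaml
# Added example (not from the original post): cross-account DNS01 with cert-manager.
# Account X (placeholder 111111111111) runs EKS and cert-manager.
# Account Y (placeholder 222222222222) owns the Route 53 hosted zone for example.com.
# Every ARN, account ID, zone ID and domain below is an assumed placeholder.
#
# Assumed prerequisites outside this manifest (IAM, not shown):
#   1. Account X: IAM role "cert-manager-irsa" whose trust policy allows the cluster's
#      OIDC provider with sub = system:serviceaccount:cert-manager:cert-manager, and whose
#      permission policy allows sts:AssumeRole on the Account Y role below.
#   2. Account Y: IAM role "cert-manager-route53" whose trust policy allows the Account X
#      role, with route53:GetChange, route53:ChangeResourceRecordSets and
#      route53:ListResourceRecordSets on the hosted zone plus route53:ListHostedZonesByName.
---
# IRSA binding: the cert-manager pod receives Account X credentials through the projected
# web identity token, so no static AWS access keys are stored in the cluster.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cert-manager
  namespace: cert-manager
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/cert-manager-irsa
---
# The ClusterIssuer talks to Let's Encrypt (staging endpoint while testing, to stay clear of
# production rate limits) and answers the DNS01 challenge by writing the _acme-challenge TXT
# record in Account Y. `role` makes cert-manager call sts:AssumeRole into Account Y using
# the ambient Account X credentials supplied by IRSA; ClusterIssuers use ambient credentials
# by default, whereas a namespaced Issuer needs the --issuer-ambient-credentials flag.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging-route53
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      - selector:
          dnsZones:
            - example.com          # restrict this solver to names under the zone we control
        dns01:
          route53:
            region: us-east-1
            hostedZoneID: Z0123456789EXAMPLE   # pinning the zone avoids a ListHostedZonesByName lookup
            role: arn:aws:iam::222222222222:role/cert-manager-route53
---
# A Certificate that uses the issuer; cert-manager stores the key and chain in the named
# Secret and renews it automatically before expiry.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-example-com
  namespace: default
spec:
  secretName: app-example-com-tls
  dnsNames:
    - app.example.com
  issuerRef:
    name: letsencrypt-staging-route53
    kind: ClusterIssuer
```

For the same-account case from the note above, drop the `role` line and attach the Route 53 permissions directly to the IRSA role. Once `kubectl describe certificate app-example-com` shows the Certificate as Ready against staging, switch `server` to `https://acme-v02.api.letsencrypt.org/directory` and recreate the issuer; the Account Y role should trust only the single Account X role, not the whole account.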
cert-manager simplifies creating and renewing certificates. It keeps your certificates valid and up to date by renewing them automatically inside your Kubernetes cluster, so your domain's certificate never expires.
What is Cert-Manager?
cert-manager is a Kubernetes-native certificate management controller built on a set of CustomResourceDefinitions. Installing it adds Certificate, Issuer and ClusterIssuer (among others) as custom resource types in the cluster; the controller watches them to request, issue and renew certificates and to keep each certificate valid and up to date. cert-manager can obtain certificates from a variety of sources such as Let's Encrypt (ACME), Vault, Venafi and a SelfSigned issuer.
How cert-manager is related to HTTP & HTTPS?
cert-manager obtains a certificate for our domain from a certificate issuer, and that certificate is what HTTPS uses, where the "S" stands for secure. HTTP was developed in the early 1990s, initiated by Tim Berners-Lee, and gives users a way to interact with web resources such as HTML files by exchanging hypertext messages between clients and servers. However, plain HTTP provides no confidentiality or integrity for those messages: everything travels as plain text, so anyone on the path can read or modify it. HTTPS wraps HTTP in TLS, and the certificate is what lets the client verify it is talking to the genuine server before the encrypted session begins.