
How to Install and Configure cert-manager on Kubernetes with Helm

Learn step‑by‑step how to install Jetstack’s open‑source cert-manager on a Kubernetes cluster using Helm, from prerequisites and chart download to configuring TLS settings and deploying the service, ensuring secure inter‑service communication in cloud‑native environments.

Linux Ops Smart Journey

With the rise of cloud computing and micro‑service architectures, Kubernetes has become the de‑facto container orchestration platform. Ensuring secure communication between services is critical, and TLS certificates are essential. Jetstack’s open‑source cert-manager simplifies certificate lifecycle management.

[Figure: cert-manager architecture diagram]

Prerequisites

You need Helm v3+ installed and a supported Kubernetes cluster.

Supported cert-manager versions and Kubernetes compatibility:

v1.15 – supports Kubernetes 1.25 to 1.31 (end‑of‑life at 1.17)

v1.14 – supports Kubernetes 1.24 to 1.31 (end‑of‑life at 1.16)

v1.12 LTS – supports Kubernetes 1.22 to 1.31 (EOL May 19 2025)

Install cert-manager

1. Add the Jetstack Helm repository:

$ helm repo add jetstack https://charts.jetstack.io --force-update
"jetstack" has been added to your repositories

2. Download the version 1.12 chart and push it to a Harbor registry:

# Download chart
$ helm pull jetstack/cert-manager --version v1.12.13

# Push to Harbor
$ helm push cert-manager-v1.12.13.tgz oci://core.jiaxzeng.com/plugins
Pushed: core.jiaxzeng.com/plugins/cert-manager:v1.12.13
Digest: sha256:b4c7cc94bfa93d28c3461d7dbb9a8112c61e5c78bc4b09edc5499b5a5b22e634

Tip: This step requires a node with internet access; typical internal clusters may not have it.

3. Pull the chart on the Kubernetes node:

$ sudo helm pull oci://core.jiaxzeng.com/plugins/cert-manager --version v1.12.13 --untar --untardir /etc/kubernetes/addons/
Pulled: core.jiaxzeng.com/plugins/cert-manager:v1.12.13
Digest: sha256:b4c7cc94bfa93d28c3461d7dbb9a8112c61e5c78bc4b09edc5499b5a5b22e634

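4. Create the cert-manager values file, saved as /etc/kubernetes/addons/cert-manager-value.yml (the path passed to helm install in step 5):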

global:
  leaderElection:
    namespace: "kube-system"

installCRDs: true

image:
  repository: core.jiaxzeng.com/library/cert-manager/cert-manager-controller
  tag: v1.12.13

http_proxy: "http://172.139.20.170:3888"
https_proxy: "https://172.139.20.170:3888"
no_proxy: "127.0.0.1,localhost,172.139.20.0/24,10.96.0.0/16,10.244.0.0/16"

startupapicheck:
  image:
    repository: core.jiaxzeng.com/library/cert-manager/cert-manager-ctl
    tag: v1.12.13

webhook:
  image:
    repository: core.jiaxzeng.com/library/cert-manager/cert-manager-webhook
    tag: v1.12.13

cainjector:
  image:
    repository: core.jiaxzeng.com/library/cert-manager/cert-manager-cainjector
    tag: v1.12.13

5. Deploy cert‑manager using Helm:

$ helm -n kube-system install cert-manager -f /etc/kubernetes/addons/cert-manager-value.yml /etc/kubernetes/addons/cert-manager
NAME: cert-manager
LAST DEPLOYED: Thu Sep 26 23:23:09 2024
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
NOTES:
cert-manager v1.12.13 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on issuers and configuration can be found at https://cert-manager.io/docs/configuration/
Documentation for the ingress-shim is at https://cert-manager.io/docs/usage/ingress/
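
The push in step 2 and the pull in step 3 report the same chart digest; comparing the two before running step 5 confirms that the chart pulled from Harbor is the one that was mirrored. The script below is an added example, not part of the original article: the function names extract_digest and verify_chart_digest are hypothetical, and the sample outputs are copied from steps 2 and 3 above.

```shell
#!/bin/sh
# Added example: compare the chart digest reported at push time with the one
# reported at pull time, and refuse to continue when they differ.
# Function names are hypothetical; sample outputs are copied from this page.

# Extract the sha256 digest from captured `helm push` / `helm pull` output.
# Prints the digest; returns 1 unless exactly one well-formed digest is found.
extract_digest() {
    digests=$(printf '%s\n' "$1" |
        sed -n 's/^Digest:[[:space:]]*\(sha256:[0-9a-f]\{64\}\)[[:space:]]*$/\1/p')
    [ -n "$digests" ] || return 1
    # More than one Digest line means the capture is ambiguous: reject it.
    [ "$(printf '%s\n' "$digests" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$digests"
}

# Returns 0 when both outputs carry the same digest, 1 on mismatch,
# 2 when either output has no usable digest line.
verify_chart_digest() {
    pushed=$(extract_digest "$1") || { echo "no digest in push output" >&2; return 2; }
    pulled=$(extract_digest "$2") || { echo "no digest in pull output" >&2; return 2; }
    if [ "$pushed" != "$pulled" ]; then
        echo "digest mismatch: pushed $pushed, pulled $pulled" >&2
        return 1
    fi
    echo "chart digest verified: $pulled"
}

# Outputs as shown in steps 2 and 3 of this page.
PUSH_OUT='Pushed: core.jiaxzeng.com/plugins/cert-manager:v1.12.13
Digest: sha256:b4c7cc94bfa93d28c3461d7dbb9a8112c61e5c78bc4b09edc5499b5a5b22e634'
PULL_OUT='Pulled: core.jiaxzeng.com/plugins/cert-manager:v1.12.13
Digest: sha256:b4c7cc94bfa93d28c3461d7dbb9a8112c61e5c78bc4b09edc5499b5a5b22e634'

verify_chart_digest "$PUSH_OUT" "$PULL_OUT"
```

To use it on a live run, capture each helm command's output with 2>&1 and pass both captures to verify_chart_digest before installing.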

Reference Documentation

cert-manager releases: https://cert-manager.io/docs/releases/

cert-manager Helm installation guide: https://cert-manager.io/docs/installation/helm/

Conclusion

By following these steps you have installed and configured cert-manager on your Kubernetes cluster, enabling efficient TLS certificate management and improving overall system security.
