Update Kubernetes

Kubernetes.md

@@ -75,6 +75,56 @@ save and apply the L2Advertisement config
 kubectl apply -f file.yaml
 ```
 
+# Certificate manager with Let'sEncrypt certificate issuer
+
+CM allows us to issue and maintain SSL certificates in our cluster
+```
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml
+```
+
+By default it will issue fake, self signed certificates , but if your cluster is available directly form the internet you can issue let'sencrypt certs
+so we need to create a file
+```
+CapiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: <MY_EMAIL_ADDRESS>
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+       ingress:
+         class: internal-nginx
+         podTemplate:
+            spec:
+              nodeSelector:
+                "kubernetes.io/os": linux
+```
+Customize and then apply it:
+```
+kubectl apply -f file.yml
+```
+
+To issue valid certs you will need to add these toingress configs for your services
+
+```
+...
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer:letsencrypt-prod
+...
+spec:
+...
+  tls:
+  - hosts:
+    - <SOME-DOMAIN>
+    secretName: some-secret-tls
+...
+```
 
 # Ingress nginx