How to configure self-signed Issuer in cert-manager on Kubernetes

Prerequisites

References

What is Issuer in cert-manager ?

Issuer, and ClusterIssuer, are Kubernetes resources that represent certificate authorities (CAs) that are able to generate signed certificates by honoring certificate signing requests. All cert-manager certificates require a referenced issuer that is in a ready condition to attempt to honor the request.

Issuer –> Namespace scope ClusterIssuer –> Cluster scope

Official Documentation

Yaml file for Self-signed ClusterIssuer

Create a file cluster-issuer.yaml and paste the following content

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cluster-issuer
spec:
  selfSigned: {}

Create a Issuer

kubectl apply -f cluster-issuer.yaml

Verify the Issuer

kubectl get clusterissuers -o wide selfsigned-cluster-issuer

Create a certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-selfsigned-ca
  namespace: sandbox
spec:
  isCA: true
  commonName: my-selfsigned-ca
  secretName: root-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io