# Install the CustomResourceDefinition resources

kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.13/deploy/manifests/00-crds.yaml

# Label the cert-manager namespace to disable resource validation

kubectl label namespace ingress-basic cert-manager.io/disable-validation=true

# Add the Jetstack Helm repository

helm repo add jetstack https://charts.jetstack.io

# Update your local Helm chart repository cache

helm repo update

# Install the cert-manager Helm chart

helm install cert-manager --namespace ingress-basic --version v0.13.0 jetstack/cert-manager

# Verify the installation - kubectl get pods --namespace ingress-basic

# You should see the cert-manager, cert-manager-cainjector, and cert-manager-webhook pod

# in a Running state. It may take a minute or so for the TLS assets required for the webhook

# to function to be provisioned. This may cause the webhook to take a while longer to start

# for the first time than other pods.

# https://cert-manager.io/docs/installation/kubernetes/

# Set your email in \deploy\cluster-issuer.yaml and run:

kubectl apply -f .\deploy\cluster-issuer.yaml --namespace ingress-basic

# Set your FQDN in \deploy\ingress.yaml and run:

kubectl apply -f .\deploy\ingress.yaml

# Cert-manager has likely automatically created a certificate object

# for you using ingress-shim, which is automatically deployed with

# cert-manager since v0.2.2. If not, follow this tutorial:

# https://docs.microsoft.com/en-us/azure/aks/ingress-static-ip#create-a-certificate-object)

# to create a certificate object.

# To test, run:

# kubectl describe certificate tls-secret

#

# You connection should now be secure.