kube/cert-manager/README.md

# cert-manager

`cert-manager` is used to obtain TLS certificates from Let's Encrypt.
It uses DNS-01 challenge in conjunction with Bind primary
at `ns1.k-space.ee`.
Refer to the [Bind primary Ansible playbook](https://git.k-space.ee/k-space/ansible/src/branch/main/authoritative-nameserver.yaml) and
[Bind namespace on Kubernetes cluster](https://git.k-space.ee/k-space/kube/src/branch/master/bind)
for more details

# For user

Use `Certificate` CRD of cert-manager, refer to
[official documentation](https://cert-manager.io/docs/usage/certificate/).

To find usage examples in this repository use
`grep -r -A10 "^kind: Certificate" .`

# For administrator

Deployed with:

```
curl -L https://github.com/jetstack/cert-manager/releases/download/v1.15.1/cert-manager.yaml -O
kubectl apply -f cert-manager.yaml
```

To update the issuer configuration or TSIG secret:

```
kubectl apply -f default-issuer.yml
 kubectl -n cert-manager create secret generic tsig-secret \
    --from-literal=TSIG_SECRET=<secret>
```

Workaround for webhook timeout issue https://github.com/jetstack/cert-manager/issues/2602
It's not very clear why this is happening, deserves further investigation - presumably Calico related somehow:

```
kubectl delete mutatingwebhookconfiguration.admissionregistration.k8s.io cert-manager-webhook
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io cert-manager-webhook
```
Initial commit 2022-08-16 09:40:54 +00:00			`# cert-manager`

			`cert-manager` is used to obtain TLS certificates from Let's Encrypt.
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`It uses DNS-01 challenge in conjunction with Bind primary`
			at `ns1.k-space.ee`.
			`Refer to the [Bind primary Ansible playbook](https://git.k-space.ee/k-space/ansible/src/branch/main/authoritative-nameserver.yaml) and`
			`[Bind namespace on Kubernetes cluster](https://git.k-space.ee/k-space/kube/src/branch/master/bind)`
			`for more details`
Initial commit 2022-08-16 09:40:54 +00:00
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`# For user`

			Use `Certificate` CRD of cert-manager, refer to
			`[official documentation](https://cert-manager.io/docs/usage/certificate/).`

			`To find usage examples in this repository use`
			`grep -r -A10 "^kind: Certificate" .`

			`# For administrator`

			`Deployed with:`
Initial commit 2022-08-16 09:40:54 +00:00
			```
Upgrade cert-manager 2024-07-28 07:37:34 +00:00			`curl -L https://github.com/jetstack/cert-manager/releases/download/v1.15.1/cert-manager.yaml -O`
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`kubectl apply -f cert-manager.yaml`
Initial commit 2022-08-16 09:40:54 +00:00			```

bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`To update the issuer configuration or TSIG secret:`
Initial commit 2022-08-16 09:40:54 +00:00
			```
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`kubectl apply -f default-issuer.yml`
Initial commit 2022-08-16 09:40:54 +00:00			`kubectl -n cert-manager create secret generic tsig-secret \`
			`--from-literal=TSIG_SECRET=<secret>`
			```

			`Workaround for webhook timeout issue https://github.com/jetstack/cert-manager/issues/2602`
			`It's not very clear why this is happening, deserves further investigation - presumably Calico related somehow:`

			```
			`kubectl delete mutatingwebhookconfiguration.admissionregistration.k8s.io cert-manager-webhook`
			`kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io cert-manager-webhook`
			```