cert-manager

cert-manager is used to obtain TLS certificates from Let's Encrypt. It uses the DNS-01 challenge in conjunction with the Bind primary at ns1.k-space.ee. Refer to the Bind primary Ansible playbook and the Bind namespace on the Kubernetes cluster for more details.

For developers

Use the Certificate CRD of cert-manager; refer to the official documentation.

To find usage examples in this repository, use:

grep -r -A10 "^kind: Certificate" .
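
For orientation, a Certificate resource as it might look with the DNS-01 setup described above. This is an added example, not a manifest from this repository: the resource name, namespace, hostnames, Secret name and the ClusterIssuer name are placeholders and must be replaced with the values actually used in the cluster.

```yaml
# Added example; every name below is a placeholder, not taken from this repository.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-app            # placeholder resource name
  namespace: example-app       # placeholder namespace; the Secret is created here
spec:
  # Secret that cert-manager creates and keeps renewed; reference it from
  # the Ingress (spec.tls[].secretName) or mount it into the workload.
  secretName: example-app-tls
  dnsNames:
    - example-app.k-space.ee     # constructed hostname
    # Wildcard names can only be validated with DNS-01, which is the
    # challenge type this cluster uses, so they are available here.
    - "*.example-app.k-space.ee"
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: REPLACE-WITH-CLUSTERISSUER-NAME   # placeholder; see the issuers defined in this repository
  privateKey:
    algorithm: ECDSA
    size: 384
    # Generate a fresh key on every renewal, so a leaked key stops being
    # useful once the certificate it belongs to is replaced.
    rotationPolicy: Always
  # Only the uses a TLS server certificate needs.
  usages:
    - digital signature
    - key encipherment
    - server auth
```

After applying it, `kubectl describe certificate example-app -n example-app` shows the issuance status and any pending DNS-01 challenge.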

Deployment

Deployed with ArgoCD. To render it locally:

kustomize build . --enable-helm

Webhook timeout

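Workaround for the webhook timeout issue (https://github.com/jetstack/cert-manager/issues/2602). It is not clear why this happens and it deserves further investigation; presumably it is somehow related to Calico. The commands below delete the webhook configurations, so the API server no longer sends cert-manager resources to the webhook for admission checks: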

kubectl delete mutatingwebhookconfiguration.admissionregistration.k8s.io cert-manager-webhook
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io cert-manager-webhook