# cert-manager

`cert-manager` is used to obtain TLS certificates from Let's Encrypt.
It uses the DNS-01 challenge in conjunction with the Bind primary
at `ns1.k-space.ee`.
Refer to the [Bind primary Ansible playbook](https://git.k-space.ee/k-space/ansible/src/branch/main/authoritative-nameserver.yaml) and
[Bind namespace on Kubernetes cluster](https://git.k-space.ee/k-space/kube/src/branch/master/bind)
for more details.

# For developers

Use the `Certificate` CRD of cert-manager; refer to the
[official documentation](https://cert-manager.io/docs/usage/certificate/).

To find usage examples in this repository, use
`grep -r -A10 "^kind: Certificate" .`

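A `Certificate` resource together with a DNS-01 issuer of the kind described above, as an added example that is not taken from this repository. It assumes the Bind primary is updated through cert-manager's `rfc2136` solver; the issuer, Secret, TSIG key and host names and the nameserver address are placeholders.

```yaml
# Added example; every name and address below is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com               # placeholder contact address
    privateKeySecretRef:
      name: example-issuer-account-key     # the ACME account key is stored here
    solvers:
      - dns01:
          rfc2136:                         # assumption: dynamic updates to the Bind primary
            nameserver: 192.0.2.53:53      # placeholder for the Bind primary's address
            tsigKeyName: example-tsig-key  # must match the key name configured in Bind
            tsigAlgorithm: HMACSHA512
            tsigSecretSecretRef:
              name: example-tsig-secret    # Secret holding the TSIG key material
              key: tsig-secret
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-app
  namespace: example-app
spec:
  secretName: example-app-tls              # Secret the issued key pair is written to
  dnsNames:
    - app.example.com
    - "*.app.example.com"                  # wildcard names require DNS-01 validation
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always                 # new private key at every renewal
  issuerRef:
    name: example-issuer
    kind: ClusterIssuer
    group: cert-manager.io
```

The TSIG Secret lets its holder update the zone, so keep it in the cert-manager namespace and restrict read access to it.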
# Deployment

Deployed with ArgoCD. To render the manifests locally:

```sh
kustomize build . --enable-helm
```

## Webhook timeout

Workaround for the webhook timeout issue https://github.com/jetstack/cert-manager/issues/2602.
It is not clear why this happens and it deserves further investigation; presumably it is Calico-related somehow:

```sh
kubectl delete mutatingwebhookconfiguration.admissionregistration.k8s.io cert-manager-webhook
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io cert-manager-webhook
```

Deleting both configurations stops the API server from calling the cert-manager webhook, so cert-manager resources are then admitted without its validation.