forked from k-space/kube
.. | ||
.gitignore | ||
cert-manager.yaml | ||
default-issuer.yaml | ||
README.md |
cert-manager
cert-manager
is used to obtain TLS certificates from Let's Encrypt.
It uses DNS-01 challenge in conjunction with Bind primary
at ns1.k-space.ee
.
Refer to the Bind primary Ansible playbook and
Bind namespace on Kubernetes cluster
for more details
For user
Use Certificate
CRD of cert-manager, refer to
official documentation.
To find usage examples in this repository use
grep -r -A10 "^kind: Certificate" .
For administrator
Deployed with:
curl -L https://github.com/jetstack/cert-manager/releases/download/v1.15.1/cert-manager.yaml -O
kubectl apply -f cert-manager.yaml
To update the issuer configuration or TSIG secret:
kubectl apply -f default-issuer.yml
kubectl -n cert-manager create secret generic tsig-secret \
--from-literal=TSIG_SECRET=<secret>
Workaround for webhook timeout issue https://github.com/jetstack/cert-manager/issues/2602 It's not very clear why this is happening, deserves further investigation - presumably Calico related somehow:
kubectl delete mutatingwebhookconfiguration.admissionregistration.k8s.io cert-manager-webhook
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io cert-manager-webhook