3.3. Cert manager

Rafał Lorenz edited this page Mar 17, 2020 · 12 revisions

cert-manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing keypair, or self-signed.

It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.

Install resources

cert-manager runs within your Kubernetes cluster as a series of deployment resources. It utilises CustomResourceDefinitions to configure Certificate Authorities and request certificates.

CustomResourceDefinition

Install the CustomResourceDefinition resources separately if you don't have them installed already.

https://cert-manager.io/docs/installation/kubernetes/#note-helm-v2

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.crds.yaml

Install cert manager

By default, cert-manager will be installed with the other resources in the go-api-boilerplate namespace.

Add external charts repository

For this to work, you have to add the Jetstack Helm repository:

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update

Turn off

If you already have cert-manager installed, it can be disabled by setting the enabled value to false.

cert-manager:
+  enabled: false
  ingressShim:
    defaultIssuerName: letsencrypt
    defaultIssuerKind: Issuer

Let's Encrypt Issuer

The default issuer was set to self-signed due to a Let's Encrypt request: https://github.com/vardius/go-api-boilerplate/issues/18. To enable the Let's Encrypt Issuer, please revert the changes made here. Please also remember to set the correct domain and email.
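
For reference, the two issuer types mentioned above written as cert-manager manifests. This is an added example, not taken from the go-api-boilerplate chart. It assumes the cert-manager.io/v1alpha2 API used with v0.14, and the self-signed issuer name, the email, the account-key secret name and the nginx ingress class are placeholders chosen for illustration. The Let's Encrypt Issuer is named letsencrypt so that it matches defaultIssuerName and defaultIssuerKind in the values shown earlier.

```yaml
# Self-signed Issuer: no external CA is contacted, and clients will not trust
# the resulting certificates unless they are told to.
apiVersion: cert-manager.io/v1alpha2   # assumption: API version used with v0.14
kind: Issuer
metadata:
  name: selfsigned                     # hypothetical name
  namespace: go-api-boilerplate
spec:
  selfSigned: {}
---
# Let's Encrypt (ACME) Issuer. Issuer is namespaced, so it must live in the
# same namespace as the Ingress/Certificate resources that reference it.
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt                    # matches ingressShim.defaultIssuerName
  namespace: go-api-boilerplate
spec:
  acme:
    # Production endpoint. While testing, point this at the staging endpoint
    # (https://acme-staging-v02.api.letsencrypt.org/directory) so that
    # misconfiguration does not consume production rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Placeholder: use a monitored mailbox, expiry notices are sent here.
    email: admin@example.com
    # Secret that stores the ACME account private key (hypothetical name).
    # Restrict read access to it: whoever holds this key controls the account.
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
      # HTTP-01 challenge served through the ingress controller.
      # Assumption: an ingress controller with class "nginx" is in use.
      - http01:
          ingress:
            class: nginx
```

After applying an Issuer, `kubectl describe issuer letsencrypt -n go-api-boilerplate` shows whether the ACME account was registered and the issuer is Ready.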