3.3. Cert manager
cert-manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing keypair, or self-signed.
It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.
cert-manager runs within your Kubernetes cluster as a series of deployment resources. It utilises CustomResourceDefinitions to configure Certificate Authorities and request certificates.
If you have installed the CRDs manually instead of with the --set installCRDs=true option added to your Helm install command, you should upgrade your CRD resources before upgrading the Helm chart:
# Kubernetes 1.15+
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.crds.yaml
# Kubernetes <1.15
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager-legacy.crds.yaml
By default, cert-manager will be installed with the other resources in the go-api-boilerplate namespace.
For it to work, you have to add the Jetstack Helm repository:
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update
If you already have cert-manager installed, it can be disabled by setting the enabled value to false.
cert-manager:
+ enabled: false
ingressShim:
defaultIssuerName: letsencrypt
defaultIssuerKind: Issuer
The default issuer was set to self-signed due to a Let's Encrypt request: https://github.com/vardius/go-api-boilerplate/issues/18. To enable the Let's Encrypt Issuer, please revert the changes made here. Please also remember to set the correct domain and email.