...

cert-manager

The most automated and secure way to provide the certificate is to use cert-manager (https://cert-manager.io/).

If it is not already installed in your Kubernetes cluster, follow the instructions at https://cert-manager.io/docs/installation/helm/ to install the cert-manager chart. Make sure to install a version that is listed in /wiki/spaces/UEPE4D/pages/303826936.

Cert-manager must be backed by a certificate authority (CA) to sign the certificates. Once configured with a CA, cert-manager will automatically sign and renew certificates for the system as needed. Configuring cert-manager with a CA is done by creating an Issuer or ClusterIssuer resource (this resource will be referenced later when installing Usage Engine Private Edition).

Refer to https://cert-manager.io/docs/configuration/ for all the details.

It’s also possible to use an issuer specification that will issue a self-signed certificate:

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  selfSigned: {}
```

Please note that the ClusterIssuer mentioned above is recommended only for testing purposes, not for production. In the coming section, we will create a ClusterIssuer of ACME type, which is generally used in production environments.

Info: If your use case is intended for a production or production-like environment, please skip the self-signed ClusterIssuer creation below.

Regardless of the chosen issuer specification, to create the issuer, put the specification in a YAML file (here we call it example-issuer.yaml) and then execute a command like this:

```bash
kubectl apply -f example-issuer.yaml
```

Based on the example above, the created ClusterIssuer can be inspected like this:

```bash
kubectl get clusterissuers example-issuer -o yaml
```
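
A check that can be run over the inspection output above, added here as an example and not part of the original page or the product's own tooling: it reads `kubectl get clusterissuers -o json`, reports each issuer's type and Ready condition, and marks self-signed issuers as test-only, as the note above advises. The sample data, the `acme-issuer` name and the `production_ok` field are constructed for illustration.

```python
import json
import sys

# Issuer types cert-manager defines under .spec; an issuer sets exactly one.
ISSUER_TYPES = ("selfSigned", "acme", "ca", "vault", "venafi")

# Constructed sample of `kubectl get clusterissuers -o json` output, not real
# cluster data. "acme-issuer" is a hypothetical name.
SAMPLE = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"kind": "ClusterIssuer",
         "metadata": {"name": "example-issuer"},
         "spec": {"selfSigned": {}},
         "status": {"conditions": [{"type": "Ready", "status": "True"}]}},
        {"kind": "ClusterIssuer",
         "metadata": {"name": "acme-issuer"},
         "spec": {"acme": {}},
         "status": {"conditions": [{"type": "Ready", "status": "False"}]}},
    ],
})


def audit_issuers(kubectl_json):
    """Return one finding per issuer: name, type, ready, production_ok."""
    doc = json.loads(kubectl_json)
    items = doc.get("items", [doc])  # accept a List or a single object
    findings = []
    for item in items:
        spec = item.get("spec") or {}
        issuer_type = next((t for t in ISSUER_TYPES if t in spec), "unknown")
        conditions = (item.get("status") or {}).get("conditions") or []
        ready = any(c.get("type") == "Ready" and c.get("status") == "True"
                    for c in conditions)
        findings.append({
            "name": item["metadata"]["name"],
            "type": issuer_type,
            "ready": ready,
            # Self-signed issuers are for testing only; unready ones cannot sign.
            "production_ok": ready and issuer_type not in ("selfSigned", "unknown"),
        })
    return findings


if __name__ == "__main__":
    # Usage: kubectl get clusterissuers -o json | python3 audit_issuers.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for f in audit_issuers(raw):
        print(f)
```

An issuer that has just been applied may not have a `status` block yet; the check reports it as not ready rather than failing.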

...