...
Excerpt |
---|
name | tls-cert-manager-part-common |
---|
|
Cert-manager must be backed by a certificate authority (CA) to sign the certificates. Once configured with a CA, cert-manager will automatically sign and renew certificates for the system as needed. Configuring cert-manager with a CA is done by creating an Issuer or ClusterIssuer resource (this resource will be referenced later when installing Usage Engine Private Edition). Refer to https://cert-manager.io/docs/configuration/ for a all the details. It’s also possible to use an issuer specifiction that will issue a self-signed certificate: Code Block |
---|
| apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: example-issuer
spec:
selfSigned: {} |
|
Excerpt |
---|
name | tls-cert-manager-part-2 |
---|
|
Cert-manager must be backed by a certificate authority (CA) to sign the certificates. Once configured with a CA, cert-manager will automatically sign and renew certificates for the system as needed. Configuring cert-manager with a CA is done by creating an Issuer or ClusterIssuer resource (this resource will be referenced later when installing Usage Engine Private Edition). Refer to https://cert-manager.io/docs/configuration/ for a all the details. It’s also possible to use an issuer specifiction that will issue a self-signed certificate: Code Block |
---|
|
|
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: example-issuer
spec:
selfSigned: {} Insert excerpt |
---|
| General Usage Engine Private Edition Preparations (4.3) |
---|
| General Usage Engine Private Edition Preparations (4.3) |
---|
name | tls-cert-manager-part-common |
---|
nopanel | true |
---|
|
Please note that the ClusterIssuer
mentioned above is only recommended for testing purposes and not for production. In the coming section, we will create a ClusterIssuer
of ACME type
, which is generally used in production environment.
Info |
---|
If your use case is intended for a production or production-like environment, please skip the self-signed ClusterIssuer creation below. |
Regardless of the chosen issuer specification, to create the issuer, simply put the specification in a yaml file (here we call it example-issuer.yaml
), and then execute a command like this:
Code Block |
---|
|
kubectl apply -f example-issuer.yaml |
Based on the example above the created ClusterIssuer
can be inspected like this:
Code Block |
---|
|
kubectl get clusterissuers example-issuer -o yaml |
...