
Cert-manager must be backed by a certificate authority (CA) to sign the certificates. Once configured with a CA, cert-manager will automatically sign and renew certificates for the system as needed. Configuring cert-manager with a CA is done by creating an Issuer or ClusterIssuer resource (this resource will be referenced later when installing Usage Engine Private Edition).

Refer to https://cert-manager.io/docs/configuration/ for all the details.

It’s also possible to use an issuer specification that will issue a self-signed certificate:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  selfSigned: {}

Please note that the ClusterIssuer shown above is recommended only for testing purposes, not for production. In the coming section, we will create a ClusterIssuer of ACME type, which is generally used in production environments.

Note!

If your deployment is intended for a production or production-like environment, please skip the self-signed ClusterIssuer creation below.

Regardless of the chosen issuer specification, to create the issuer, simply put the specification in a YAML file (here we call it example-issuer.yaml), and then execute a command like this:

kubectl apply -f example-issuer.yaml

Based on the example above, the created ClusterIssuer can be inspected like this:

kubectl get clusterissuers example-issuer -o yaml
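
As an added example (not part of the original page or of cert-manager itself), the following Python script audits the JSON form of that inspection output (`-o json` instead of `-o yaml`) and flags ClusterIssuers that are self-signed or not Ready. The issuer name acme-issuer, the ACME server URL and the sample document are constructed for illustration.

```python
import json
import sys

# Built-in cert-manager issuer types; the matching key under .spec selects the type.
ISSUER_TYPES = ("selfSigned", "ca", "acme", "vault", "venafi")

# Constructed sample of `kubectl get clusterissuers -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ClusterIssuer", "metadata": {"name": "example-issuer"},
     "spec": {"selfSigned": {}},
     "status": {"conditions": [{"type": "Ready", "status": "True"}]}},
    {"kind": "ClusterIssuer", "metadata": {"name": "acme-issuer"},  # hypothetical
     "spec": {"acme": {"server": "https://acme.example.invalid/directory"}},
     "status": {"conditions": [{"type": "Ready", "status": "False"}]}},
]})


def audit_issuers(doc):
    """Return (name, issuer_type, ready, findings) for every ClusterIssuer in doc."""
    data = json.loads(doc)
    # A list query wraps objects in "items"; a single-object query returns the object.
    items = data.get("items", [data])
    results = []
    for item in items:
        name = item.get("metadata", {}).get("name", "<unnamed>")
        spec = item.get("spec") or {}
        kind = next((t for t in ISSUER_TYPES if t in spec), "unknown")
        conditions = (item.get("status") or {}).get("conditions") or []
        ready = any(c.get("type") == "Ready" and c.get("status") == "True"
                    for c in conditions)
        findings = []
        if kind == "selfSigned":
            findings.append("self-signed: testing only, not for production")
        if not ready:
            findings.append("not Ready: check status.conditions for the reason")
        results.append((name, kind, ready, findings))
    return results


if __name__ == "__main__":
    # Pass a file holding the kubectl JSON output, or run with no argument for the sample.
    doc = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, kind, ready, findings in audit_issuers(doc):
        print(f"{name}: type={kind} ready={ready} {'; '.join(findings) or 'ok'}")
```

To run it against a cluster, save the output of `kubectl get clusterissuers -o json` to a file and pass that file as the first argument.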

...