Cert-Manager
Fleeting- External reference: https://cert-manager.io/docs/configuration/acme/http01/
- External reference: https://cert-manager.io/docs/configuration/acme/
- External reference: https://cert-manager.io/docs/concepts/acme-orders-challenges/
- External reference: https://cert-manager.io/docs/usage/certificate/
- External reference: https://cert-manager.io/docs/usage/ingress/
If the name field is specified, cert-manager will edit the named ingress resource in order to solve HTTP01 challenges
useful for compatibility with ingress controllers such as ingress-gce, which utilize a unique IP address for each Ingress resource created.
cert-manager offers two challenge validations - HTTP01 and DNS01 challenges.
When a HTTP01 challenge is created, cert-manager will automatically configure your cluster ingress to route traffic for this URL to a small web server that presents this key
. To successfully request a certificate, cert-manager must solve ACME Challenges
— https://cert-manager.io/docs/concepts/acme-orders-challenges/
order represents a single certificate request which will be created automatically once a new CertificateRequest resource referencing an ACME issuer has been created. CertificateRequest resources are created automatically by cert-manager once a Certificate resource is created, has its specification changed, or needs renewal.
— https://cert-manager.io/docs/concepts/acme-orders-challenges/
the Certificate resource represents a human readable definition of a certificate request that is to be honored by an issuer which is to be kept up-to-date.
usual way that you will interact with cert-manager to request signed certificates
Secret needs to be manually deleted if it is no longer needed
would prefer the Secret to be deleted automatically when the Certificate is deleted, you need to configure your installation to pass the –enable-certificate-owner-ref flag to the controller.
TLS signed certificates to secure your ingress resources.
ingress-shim watches Ingress resources across your cluster.
ensure a Certificate resource with the name provided in the tls.secretName field and configured as described on the Ingress exists
following annotations on Ingress resources in order to trigger Certificate resources to be automatically created
small sub-component of cert-manager, ingress-shim, is responsible for this
use different secret names for different domains
If you need to generate certificates from multiple ingresses make sure it has the issuer annotation. Besides the annotation, it is necessary that each ingress possess a unique tls.secretName