Description

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.

It can issue certificates from a variety of supported sources, including Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI.

It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.

Installation

Installed by ArgoCD in every Kubernetes cluster, using the upstream Helm chart.

Configuration

DNS challenge

cert-manager uses a Google Cloud service account that is allowed to manage DNS records in the safi-dns-safibankonline project, so that it can complete Let's Encrypt's DNS-01 challenge.

https://github.com/SafiBank/SaFiMono/blob/main/devops/argocd/environments/common/infra/cert-manager/templates/cluster-issuer-letsencrypt-dns.yaml
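The manifest linked above is the authoritative one; the following is an added illustration (not copied from the SaFiMono repository) of what a DNS-01 ClusterIssuer for Google Cloud DNS looks like in cert-manager's v1 API, together with a Certificate that uses it. The issuer name, the contact e-mail, the Secret name and key, and the hostname are assumptions and placeholders; the project id is the one named on this page.

```yaml
# Added example, not the project's manifest. Placeholders are marked <...>.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns            # assumed name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <ops-contact@example.com>   # placeholder contact for expiry notices
    privateKeySecretRef:
      # ACME account key; cert-manager creates this Secret itself
      name: letsencrypt-dns-account-key
    solvers:
    - dns01:
        cloudDNS:
          project: safi-dns-safibankonline
          serviceAccountSecretRef:
            # Secret holding the service account JSON key. For a ClusterIssuer it
            # must live in cert-manager's own namespace (assumed: cert-manager).
            name: clouddns-dns01-solver-sa   # assumed name
            key: key.json                    # assumed key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-tls                    # assumed name
  namespace: app                   # assumed namespace
spec:
  secretName: app-tls              # kubernetes.io/tls Secret written by cert-manager
  issuerRef:
    name: letsencrypt-dns
    kind: ClusterIssuer
  dnsNames:
  - <app.example.com>              # placeholder hostname in a zone of the DNS project
  duration: 2160h                  # 90 days, Let's Encrypt's maximum
  renewBefore: 360h                # renew 15 days before expiry (configurable, see above)
  privateKey:
    rotationPolicy: Always         # issue a fresh key at every renewal, not just a new cert
```

The service account's role should be scoped to DNS record management in the safi-dns-safibankonline project only, because the JSON key in that Secret is a credential for whichever zones the account can write. Issuance progress is visible as `kubectl get certificaterequest,order,challenge -A`; a Challenge stuck in `pending` usually means the `_acme-challenge` TXT record was never created or has not propagated.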

HTTP challenge

Alternatively, cert-manager can use the HTTP-01 challenge, provided the HTTP endpoint for the hostname is reachable from the public Internet (this is what the SaFi sandboxes use).

https://github.com/SafiBank/SaFiMono/blob/main/devops/argocd/environments/common/infra/cert-manager/templates/cluster-issuer-letsencrypt-http.yaml
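As with the DNS issuer, the linked file is the real one; this is an added example (not the repository's manifest) of an HTTP-01 ClusterIssuer. The issuer name, contact e-mail and ingress class are assumptions. The `ingressClassName` field requires cert-manager 1.12 or newer; older releases use `class` instead.

```yaml
# Added example, not the project's manifest. Placeholders are marked <...>.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-http           # assumed name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <ops-contact@example.com>   # placeholder
    privateKeySecretRef:
      name: letsencrypt-http-account-key
    solvers:
    - http01:
        ingress:
          # cert-manager creates a temporary Ingress (and a solver Pod) serving
          # /.well-known/acme-challenge/<token>; the ingress controller selected
          # here must be the one that is exposed to the Internet.
          ingressClassName: nginx        # assumed ingress class
```

No DNS credentials are needed, which is why this suits sandboxes, but it only works for hostnames whose port 80 is publicly routed to that ingress controller, and it cannot issue wildcard certificates (Let's Encrypt only grants those via DNS-01). If a Challenge stays `pending`, `kubectl describe challenge <name>` reports the self-check URL cert-manager could not reach.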