Description
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates
It can issue certificates from a variety of supported sources, including Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI.
It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.
Installation
Installed by ArgoCD in every Kubernetes cluster, using Helm chart.
Configuration
DNS challenge
cert-manager uses Google Cloud service account to be able to control DNS in safi-dns-safibankonline project, in order to use Let’s encrypt’s DNS challenge.
HTTP challenge
Alternately cert-manager can use HTTP challenge, provided the HTTP server is publicly available over Internet (used in SaFi sandboxes).