Cert Manager documentation
Description
cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.
Uses and Functionalities
- Automated issuance and renewal of certificates to secure Ingress with TLS
- Fully integrated Issuers from recognised public and private Certificate Authorities
- Secure pod-to-pod communication with mTLS using private PKI Issuers
- Supports certificate use cases for web facing and internal workloads
- Open source add-ons for enhanced cloud native service mesh security
CICD integration method
As cert-manager manages all Certificates and CAs in the CICD, this component is mandatory during deployment. Set the following variables in your main configuration file.
cert_manager = {
  enabled      = true
  version      = "v1.16.3"
  namespace    = "cert-manager"
  component    = "dp-common"
  url_prefix   = ""
  release_name = "cert-manager"
}

The component also requires configuration that selects one of two certificate generation modes:
- Let's Encrypt: Uses the free, open-source Certificate Authority to validate CAs.

secret.auto.tfvars:

letsencrypt_cluster_issuer_name = "letsencrypt-cluster-issuer"
selfigned_cluster_issuer_name = "selfsigned"
acme_certificate_issuer_name = "letsencrypt-cluster-issuer"

- Self-Signed Certificate: Uses a manually generated self-signed certificate in the CICD to simulate a certificate expressly provided by a client (Internal PKI).

secret.auto.tfvars:

letsencrypt_cluster_issuer_name = "letsencrypt-cluster-issuer"
selfigned_cluster_issuer_name = "selfsigned"
acme_certificate_issuer_name = "selfsigned"

Releases
| Date | Num. Version | Num. Chart | Description |
|---|---|---|---|
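
A pre-flight check for the mode selection described under "CICD integration method", given here as an added example that is not part of the project's own code. It parses the three `secret.auto.tfvars` values shown on this page and confirms that `acme_certificate_issuer_name` matches one of the two declared issuers, so a typo is caught before deployment. The function names and the `allow_self_signed` switch are assumptions made for illustration.

```python
import re

# Variable names exactly as they appear in secret.auto.tfvars on this page.
LE_KEY = "letsencrypt_cluster_issuer_name"
SS_KEY = "selfigned_cluster_issuer_name"
SELECT_KEY = "acme_certificate_issuer_name"
_ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"([^"]*)"\s*(?:#.*|//.*)?$')


def parse_tfvars(text):
    """Parse flat `name = "value"` assignments; comments and blank lines are skipped."""
    values = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "//")):
            continue
        match = _ASSIGN.match(line)
        if not match:
            raise ValueError(f"unsupported tfvars line: {line!r}")
        values[match.group(1)] = match.group(2)
    return values


def certificate_mode(text, allow_self_signed=True):
    """Return 'letsencrypt' or 'selfsigned' for the issuer the tfvars select."""
    values = parse_tfvars(text)
    missing = [k for k in (LE_KEY, SS_KEY, SELECT_KEY) if not values.get(k)]
    if missing:
        raise ValueError("missing or empty: " + ", ".join(missing))
    if values[LE_KEY] == values[SS_KEY]:
        raise ValueError("both issuers share one name; the mode is ambiguous")
    selected = values[SELECT_KEY]
    if selected == values[LE_KEY]:
        return "letsencrypt"
    if selected == values[SS_KEY]:
        if not allow_self_signed:  # added policy switch (assumption), not a project setting
            raise ValueError("self-signed mode selected where it is not allowed")
        return "selfsigned"
    raise ValueError(f"{SELECT_KEY}={selected!r} matches neither declared issuer")


# The two variants shown on this page.
LETSENCRYPT_TFVARS = '''
letsencrypt_cluster_issuer_name = "letsencrypt-cluster-issuer"
selfigned_cluster_issuer_name = "selfsigned"
acme_certificate_issuer_name = "letsencrypt-cluster-issuer"
'''
SELFSIGNED_TFVARS = LETSENCRYPT_TFVARS.replace(
    f'{SELECT_KEY} = "letsencrypt-cluster-issuer"', f'{SELECT_KEY} = "selfsigned"')
```

Passing `allow_self_signed=False` makes the check fail a pipeline stage that expects publicly trusted certificates.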