Cert-Manager Controlled Cert Resource

25 views Asked by At

With Cert-Manager using the flow of creating the Certs implicitly from Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: nameOfClusterIssuer
  ...
spec:
  ...
  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
  - hosts:
    - example.com
    secretName: myingress-cert # < cert-manager will store the created certificate in this secret.

As a result CM creates the Cert. resource on its own as an artifact.

Yet if one want to configure the attributes for the Cert it self e.g. rotationPolicy

apiVersion: cert-manager.io/v1
kind: Certificate
spec:
  secretName: my-cert-tls
  privateKey:
    rotationPolicy: Always #  Here.

So should one to create the same resource in advance preconfigured?

Won't it conflict with CM control flow?

Or should it be updated after creation?

Or where is the right place to configure this?

0

There are 0 answers