Manage Certificates with cert-manager
Cloudentity requires a certificate to work properly. The Cloudentity configuration provides a default certificate, but it should not be used outside of a development environment. You can either provide and maintain your own certificate, making sure it is rotated periodically, or use a certificate manager to do this for you.
The certificate manager requires a Certificate Authority (CA) to sign incoming certificate requests. Although a self-signed CA can be issued by cert-manager itself, it is recommended to use a company-trusted CA to sign other certificates.
Learn more
To learn more, visit the CA and Self Signed sections of the cert-manager documentation.
Prerequisites
- Certificate Manager v1.0+
Integrate cert-manager with Cloudentity
By default, the certificate is issued for 90 days and is rotated when 30 days remain. It uses an RSA key of size 2048. You can override any of these settings. For the full list of parameters, see the values reference.
Example
Enable Cert Manager integration with custom parameters
```yaml
certManager:
  enabled: true
  commonName: acp
  renewBefore: 360h
  privateKey:
    size: 4096
  extraNames:
    - root
```
The default issuer name is ca-issuer, of type ClusterIssuer. You can change those settings as shown below:
Example
Generate self signed issuer
```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
```
Update default issuer
```yaml
certManager:
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
```
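For the recommended setup, where a company-trusted CA signs the certificate through the default ca-issuer ClusterIssuer, the configuration could look like the following. This is an added example, not taken from the Cloudentity documentation; the secret name company-ca-key-pair, the file names ca.crt and ca.key, and the use of the cert-manager namespace (cert-manager's default cluster resource namespace) are assumptions.

```yaml
# --- Kubernetes manifest (applied with kubectl) ---
# Prerequisite (assumed names): the company CA certificate and key are stored
# as a TLS secret in the namespace cert-manager reads ClusterIssuer secrets from:
#   kubectl create secret tls company-ca-key-pair \
#     --cert=ca.crt --key=ca.key -n cert-manager
# Restrict read access to this secret with RBAC: anyone who can read it can
# sign certificates trusted wherever this CA is trusted.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ca-issuer              # matches the default issuer name
spec:
  ca:
    secretName: company-ca-key-pair   # assumed name; must hold tls.crt and tls.key
---
# --- Helm values for Cloudentity (separate file) ---
# issuerRef is written out explicitly here even though these are the defaults,
# so the issuer in use is visible in review.
certManager:
  enabled: true
  issuerRef:
    name: ca-issuer
    kind: ClusterIssuer
```

A ClusterIssuer cannot read secrets from arbitrary namespaces, so if the secret is created elsewhere the issuer will not become ready and no certificate will be issued.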