Manage Certificates with cert-manager

Learn how to configure cert-manager to manage certificates for the Cloudentity deployment.

Cloudentity requires a certificate to work properly. The Cloudentity configuration provides a default certificate, but it should not be used outside of a development environment. You can either provide and maintain your own certificate, making sure it is rotated periodically, or use a certificate manager to do this for you.

The certificate manager requires a Certificate Authority (CA) to sign incoming certificate requests. Although a self-signed CA can be issued by cert-manager itself, it is recommended to use a company-trusted CA to sign other certificates.

Learn more

To learn more, see the cert-manager documentation for the CA and SelfSigned issuers.

Prerequisites

Integrate cert-manager with Cloudentity

By default, the certificate is issued for 90 days and rotated when 30 days remain. It uses a 2048-bit RSA key. You can override any of these settings. For the full list of parameters, see the values reference.

Example

Enable Cert Manager integration with custom parameters

certManager:
  enabled: true
  commonName: acp
  renewBefore: 360h
  privateKey:
    size: 4096
  extraNames:
    - root

The default issuer name is ca-issuer, of type ClusterIssuer. You can change these settings as shown below:

Example

Generate a self-signed issuer

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}

Update default issuer

certManager:
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
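
For comparison with the self-signed issuer above, the following added example (not part of the Cloudentity documentation) sketches the recommended setup: a CA-backed ClusterIssuer under the default name ca-issuer, signing with a company-trusted CA. The Secret name ca-key-pair, the cert-manager namespace, and the base64 placeholders are assumptions to adapt to your environment.

```yaml
# Added example, not from the Cloudentity documentation.
# Assumptions: the Secret name "ca-key-pair" and the namespace "cert-manager"
# are illustrative; the base64 values are placeholders to fill in.
apiVersion: v1
kind: Secret
metadata:
  name: ca-key-pair
  # A ClusterIssuer reads its Secret from cert-manager's cluster resource
  # namespace; assumed here to be the namespace cert-manager runs in.
  namespace: cert-manager
type: kubernetes.io/tls
data:
  # Create this Secret out of band; never commit real CA key material.
  tls.crt: <base64-encoded company CA certificate>
  tls.key: <base64-encoded company CA private key>
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # Matches the default issuer described above (ca-issuer, ClusterIssuer),
  # so no certManager.issuerRef override is needed in the values.
  name: ca-issuer
spec:
  ca:
    # cert-manager signs certificate requests with the key pair in this Secret.
    secretName: ca-key-pair
```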