Openware deployments support two main ways of issuing and loading TLS certificates: LetsEncrypt ACME(Automated Certificate Management Environment) and pre-provisioned certificates.
OPEX utilizes cert-manager to connect to LetsEncrypt API and issue certificates.
cert-manager uses CRDs(Custom Resource Definition) so that every aspect of the issuing process could be managed using
kubectl and Kubernetes API.
All the troubleshooting documentation is gathered here
Existing certificates can be loaded into the cluster as Secrets and Ingresses can be configured to utilize them instead of the ones generated by
The steps to use a pre-provisioned TLS certificate in an Ingress are:
apiVersion: v1 kind: Secret metadata: name: testsecret-tls namespace: default data: tls.crt: base64 encoded cert tls.key: base64 encoded key type: kubernetes.io/tls
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: tls-example-ingress spec: tls: - hosts: - sslexample.foo.com secretName: testsecret-tls rules: - host: sslexample.foo.com http: paths: - path: / backend: serviceName: service1 servicePort: 80