Openware deployments support two main ways of issuing and loading TLS certificates: LetsEncrypt ACME(Automated Certificate Management Environment) and pre-provisioned certificates.
OPEX utilizes cert-manager to connect to LetsEncrypt API and issue certificates.
cert-manager uses CRDs(Custom Resource Definition) so that every aspect of the issuing process could be managed using
kubectl and Kubernetes API.
All the troubleshooting documentation is gathered here
Existing certificates can be loaded into the cluster as Secrets and Ingresses can be configured to utilize them instead of the ones generated by
The steps to use a pre-provisioned TLS certificate in an Ingress are:
1. Create a TLS Secret using the certificate files in the same namespace as the target Ingress
tls.crt: base64 encoded cert
tls.key: base64 encoded key
2. Configure the TLS section of the Ingress config
- host: sslexample.foo.com
- path: /
3. Enjoy secure connections to your services over TLS!