f63f0912c6
Fixed typo in LetsEncrypt example Removed duplicate Datanet entry from main index.rst Reworked Use Kubernetes CPU Manager Static Policy prerequisite block. Restored fault/index version of FM toctree in top-level index. Added merged doc entries to top level index.rst. Incorporated review comments. Also some generic formatting clean-up such as converting abbreviations to rST-style :abbr: markup. Moved url with embedded substitution out of code-block. Addressed patch 2 review comments. Some addtional rST tidying. See comment replies for open questions/issues. This patch fixes an issue with 'stx' in filenames that may differ downstream using-an-image-from-the-local-docker-registry-in-a-container-spec new substitution and changing code-blocks to parsed-literals as required. Initial submission for review. Note that a couple of references to WR persist in examples. These will be marked up with comments in the review. Signed-off-by: Stone <ronald.stone@windriver.com> Change-Id: I1efef569842caff5def9dc00395b594d91d7a5d0 Signed-off-by: Stone <ronald.stone@windriver.com>
66 lines
2.3 KiB
ReStructuredText
66 lines
2.3 KiB
ReStructuredText
|
|
.. iac1588347002880
|
|
.. _kubernetes-user-tutorials-cert-manager:
|
|
|
|
============
|
|
Cert Manager
|
|
============
|
|
|
|
|prod| integrates the open source project cert-manager.
|
|
|
|
Cert-manager is a native Kubernetes certificate management controller, that
|
|
supports certificate management with external certificate authorities \(CAs\).
|
|
nginx-ingress-controller is also integrated with |prod| in support of http-01
|
|
challenges from CAs as part of cert-manager certificate requests.
|
|
|
|
For more information about Cert Manager, see `cert-manager.io
|
|
<http://cert-manager.io>`__.
|
|
|
|
.. _kubernetes-user-tutorials-cert-manager-section-lz5-gcw-nlb:
|
|
|
|
------------------------------------
|
|
Prerequisites for using Cert Manager
|
|
------------------------------------
|
|
|
|
.. _kubernetes-user-tutorials-cert-manager-ul-rd3-3cw-nlb:
|
|
|
|
- Ensure that your |prod| administrator has shared the local registry's
|
|
public repository's credentials/secret with the namespace where you will
|
|
create certificates,. This will allow you to leverage the
|
|
``registry.local:9001/public/cert-manager-acmesolver`` image.
|
|
|
|
- Ensure that your |prod| administrator has enabled use of the
|
|
cert-manager apiGroups in your RBAC policies.
|
|
|
|
.. _kubernetes-user-tutorials-cert-manager-section-y5r-qcw-nlb:
|
|
|
|
----------------------------------------------
|
|
Resources on Creating Issuers and Certificates
|
|
----------------------------------------------
|
|
|
|
.. _kubernetes-user-tutorials-cert-manager-ul-uts-5cw-nlb:
|
|
|
|
- Configuration documentation:
|
|
|
|
- `https://cert-manager.io/docs/configuration
|
|
<https://cert-manager.io/docs/configuration/>`__/
|
|
|
|
This link provides details on creating different types of certificate
|
|
issuers or CAs.
|
|
|
|
- Usage documentation:
|
|
|
|
- `https://cert-manager.io/docs/usage/certificate/
|
|
<https://cert-manager.io/docs/usage/certificate/>`__
|
|
|
|
This link provides details on creating a standalone certificate.
|
|
|
|
- `https://cert-manager.io/docs/usage/ingress/
|
|
<https://cert-manager.io/docs/usage/ingress/>`__
|
|
|
|
This link provides details on adding a cert-manager annotation to an
|
|
Ingress in order to specify the certificate issuer for the ingress to
|
|
use to request the certificate for its https connection.
|
|
|
|
- :ref:`LetsEncrypt Example <letsencrypt-example>`
|