Certificate resources are used to declare one or more Let's Encrypt issued TLS certificates. Certificate resources are consumed by the Kubernetes Certificate Manager.
Before you can create a Certificate resource you must create the Custom Resource Definition in your Kubernetes cluster.
- apiVersion - The Kubernetes API version. See Certificate Custom Resource Definition.
- kind - The Kubernetes resource type.
- metadata.name - The name of the Certificate resource.
- spec.domain - The DNS domain to obtain a Let's Encrypt certificate for.
- spec.secretName - The name of the created secret. If not set or empty, a name will be generated based on the domain name.
- spec.email - The email address used for a Let's Encrypt registration. Optional, if you set the `-default-email` argument.
- spec.provider - The name of the challenge provider plugin (see Configuring your challenge provider(s)). Optional, if you set the `-default-provider` argument.
- spec.altNames - A string array of optional subject alternative names to be included in the certificate.
The following Kubernetes Certificate configuration assumes that:
- The necessary environment variables for the googlecloud provider are set.
- The `psg.io` domain is registered.
- The `psg.io` domain is managed by Google Cloud DNS.
```yaml
apiVersion: "stable.k8s.psg.io/v1"
kind: "Certificate"
metadata:
  name: "psg-dot-io"
  labels:
    stable.k8s.psg.io/kcm.class: "default"
spec:
  domain: "psg.io"
  email: "[email protected]"
  provider: "googlecloud"
```
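A pre-apply check for the field rules listed above, as an added example that is not part of the Kubernetes Certificate Manager code. The function name `lint_certificate`, its two flags, and the sample manifests (including the `admin@example.invalid` address) are constructed for illustration; the expected `apiVersion` is copied from the example manifest and should match your Custom Resource Definition.

```python
# Added example: lints a Certificate manifest against the documented field rules.
API_VERSION = "stable.k8s.psg.io/v1"  # assumption: copied from the page's example manifest

def lint_certificate(manifest, default_email=False, default_provider=False):
    """Return a list of problems; an empty list means the manifest passes.

    default_email / default_provider: whether the manager was started with the
    -default-email / -default-provider arguments, which make those fields optional.
    """
    problems = []
    if manifest.get("apiVersion") != API_VERSION:
        problems.append("apiVersion must be " + API_VERSION)
    if manifest.get("kind") != "Certificate":
        problems.append("kind must be Certificate")
    if not (manifest.get("metadata") or {}).get("name"):
        problems.append("metadata.name is required")
    spec = manifest.get("spec") or {}
    domain = spec.get("domain")
    if not isinstance(domain, str) or not domain.strip():
        problems.append("spec.domain is required")
    if not spec.get("email") and not default_email:
        problems.append("spec.email is required unless -default-email is set")
    if not spec.get("provider") and not default_provider:
        problems.append("spec.provider is required unless -default-provider is set")
    alt = spec.get("altNames", [])
    if not isinstance(alt, list) or not all(isinstance(n, str) and n for n in alt):
        problems.append("spec.altNames must be an array of strings")
    # secretName may be absent or empty: a name is then generated from the domain.
    if not isinstance(spec.get("secretName", ""), str):
        problems.append("spec.secretName must be a string")
    return problems

# Constructed sample manifests (already parsed from YAML into dicts).
GOOD = {
    "apiVersion": API_VERSION, "kind": "Certificate",
    "metadata": {"name": "psg-dot-io"},
    "spec": {"domain": "psg.io", "email": "admin@example.invalid",
             "provider": "googlecloud", "altNames": ["www.psg.io"]},
}
BAD = {
    "apiVersion": API_VERSION, "kind": "Certificate",
    "metadata": {"name": "psg-dot-io"},
    "spec": {"domain": "psg.io", "altNames": "www.psg.io"},  # altNames is not an array
}

if __name__ == "__main__":
    for name, m in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_certificate(m) or "ok")
```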