Certificate objects are used to declare one or more Let's Encrypt issued TLS certificates. Cetificate objects are consumed by the Kubernetes Certificate Manager.
Before you can create a Certificate object you must create the Certificate Third Party Resource in your Kubernetes cluster.
- apiVersion - The Kubernetes API version. See Certificate Third Party Resource.
- kind - The Kubernetes object type.
- metadata.name - The name of the Certificate object.
- spec.domain - The DNS domain to obtain a Let's Encrypt certificate for.
- spec.email - The email address used for a Let's Encrypt registration.
- spec.project - The Google Cloud Platform project name. Used for managing DNS records.
- spec.serviceAccount - The Kubernetes secret that holds a Google Cloud service account.
The following Kubernetes Certificate configuration assume the following:
- The
hightowerlabs.comdomain is registered. - The
hightowerlabs.comdomain is managed by Google Cloud DNS under thehightowerlabsGoogle Cloud project. - A Kubernetes Secret named
hightowerlabsexists with a key namedservice-account.jsonwhich holds a Google service account with permissions to manage DNS records for thehightowerlabs.comdomain.
Example Certificate Object
apiVersion: "stable.hightower.com/v1"
kind: "Certificate"
metadata:
name: "hightowerlabs-dot-com"
spec:
domain: "hightowerlabs.com"
email: "[email protected]"
project: "hightowerlabs"
serviceAccount: "hightowerlabs"