The source code and default configuration of the Building Block are available in our GitLab.
Add the directory syseleven-cert-manager to your control repository. Add a .gitlab-ci.yml to the directory with the following content:
include:
  - project: syseleven/building-blocks/helmfiles/cert-manager
    file: JobDevelopment.yaml
    ref: 4.8.2
  - project: syseleven/building-blocks/helmfiles/cert-manager
    file: JobStaging.yaml
    ref: 4.8.2
  - project: syseleven/building-blocks/helmfiles/cert-manager
    file: JobProduction.yaml
    ref: 4.8.2
Remove environments you are not using by removing their include.
Strictly speaking, no configuration is required to deploy this building block. However, we strongly recommend configuring an ACME account email address. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails.
You need to add one of two annotations to your ingress and configure the TLS section:
cert-manager.io/cluster-issuer: "letsencrypt-production" to get a valid certificate from Let's Encrypt.
cert-manager.io/cluster-issuer: "letsencrypt-staging" to get a certificate from Let's Encrypt's staging CA. This certificate will not be accepted by tooling and browsers. Use it only for testing purposes.
Your ingress needs a spec.tls section. An example:
tls:
  - hosts:
      - subdomain.example.com
    secretName: subdomain.example.com-tls
Set secretName so that cert-manager knows where to save the certificate and the ingress-controller knows which certificate to use.
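A pre-deployment check for the annotation and spec.tls requirements above, as an added example that is not part of the building block or its documentation. It takes an Ingress as a parsed object (for instance the output of kubectl get ingress -o json); the finding labels, the function names and the sample Ingress are constructed for illustration, and it assumes only the two issuers named on this page are in use.

```python
ISSUER_KEY = "cert-manager.io/cluster-issuer"
PRODUCTION = "letsencrypt-production"
STAGING = "letsencrypt-staging"

# Constructed sample Ingress (structure as in `kubectl get ingress -o json`).
SAMPLE = {
    "metadata": {"name": "demo", "annotations": {ISSUER_KEY: STAGING}},
    "spec": {
        "rules": [{"host": "subdomain.example.com"},
                  {"host": "other.example.com"}],
        "tls": [{"hosts": ["subdomain.example.com"]}],  # secretName missing
    },
}


def host_covered(host, tls_hosts):
    """True if host is listed exactly or via a one-label wildcard (*.example.com)."""
    wildcard = "*." + host.split(".", 1)[-1]
    return host in tls_hosts or wildcard in tls_hosts


def lint_ingress(ingress, allow_staging=False):
    """Return findings for one parsed Ingress object; an empty list means clean."""
    findings = []
    annotations = (ingress.get("metadata") or {}).get("annotations") or {}
    issuer = annotations.get(ISSUER_KEY)
    if issuer is None:
        findings.append("missing-issuer-annotation")
    elif issuer == STAGING:
        if not allow_staging:  # staging certificates are not trusted by browsers
            findings.append("staging-issuer")
    elif issuer != PRODUCTION:
        findings.append("unknown-issuer:" + issuer)

    spec = ingress.get("spec") or {}
    tls_entries = spec.get("tls") or []
    if not tls_entries:
        findings.append("missing-tls-section")
    tls_hosts = set()
    for index, entry in enumerate(tls_entries):
        if not entry.get("secretName"):
            findings.append("tls[%d]-missing-secretName" % index)
        tls_hosts.update(entry.get("hosts") or [])
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and not host_covered(host, tls_hosts):
            findings.append("host-not-in-tls:" + host)
    return findings
```

Calling lint_ingress(SAMPLE) reports the staging issuer, the tls entry without a secretName, and the rule host that no tls entry covers; pass allow_staging=True for test environments.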
If you use our SysEleven Stack DNSaaS, the relevant configuration for DNS challenges is already included by default.
To use the DNS challenge, add the following label to your Ingress/Certificate:
This building block consists of multiple components. Each of the components can and must be scaled individually.