Helm CRDs
cert-manager does not use the official Helm method of installing CRD resources. This is because it makes upgrading CRDs impossible with the helm CLI alone. The Helm team explain the limitations of their approach here.
If you uninstall the release, the CRDs will also be uninstalled. If that happens then you will lose all instances of those CRDs, e.g. all Certificate resources in the cluster. You should consider whether this is likely to happen to you and have a mitigation, such as backups or a means to reapply resources from an Infrastructure as Code (IaC) pattern.
ClusterIssuer Secrets
The ClusterIssuer resource is cluster scoped. This means that when referencing a secret via the secretName field, secrets will be looked for in the Cluster Resource Namespace. By default, this namespace is cert-manager; however, it can be changed via a flag on the cert-manager-controller component.
Write cluster-level Secret into the cert-manager namespace.
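A pre-flight check for the rule above, as an added example that is not part of the original page or of the cert-manager project: it walks each ClusterIssuer spec for secretName and *SecretRef references and reports any Secret that is not present in the Cluster Resource Namespace. The input shape (a list like the one `kubectl get clusterissuers,secrets -A -o json` returns), the sample objects and the function names are assumptions made for illustration.

```python
import json

# Constructed sample, trimmed to the fields the check reads; shaped like the
# "items" list of `kubectl get clusterissuers,secrets -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Secret", "metadata": {"name": "internal-ca", "namespace": "cert-manager"}},
 {"kind": "Secret", "metadata": {"name": "dns-api-token", "namespace": "web"}},
 {"kind": "ClusterIssuer", "metadata": {"name": "internal-ca"},
  "spec": {"ca": {"secretName": "internal-ca"}}},
 {"kind": "ClusterIssuer", "metadata": {"name": "acme-dns01"},
  "spec": {"acme": {"solvers": [{"dns01": {"cloudflare": {
      "apiTokenSecretRef": {"name": "dns-api-token", "key": "token"}}}}]}}}
]}
""")

def secret_refs(node):
    """Yield Secret names referenced anywhere under a ClusterIssuer spec."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "secretName" and isinstance(value, str):
                yield value
            elif key.endswith("SecretRef") and isinstance(value, dict) and "name" in value:
                yield value["name"]
            else:
                yield from secret_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from secret_refs(item)

def misplaced_secrets(objects, cluster_resource_namespace="cert-manager"):
    """Return (issuer, secret, namespaces_where_found) for refs that will not resolve."""
    locations = {}
    for obj in objects:
        if obj["kind"] == "Secret":
            meta = obj["metadata"]
            locations.setdefault(meta["name"], set()).add(meta["namespace"])
    findings = []
    for obj in objects:
        if obj["kind"] != "ClusterIssuer":
            continue
        for name in sorted(set(secret_refs(obj.get("spec", {})))):
            found_in = locations.get(name, set())
            if cluster_resource_namespace not in found_in:
                findings.append((obj["metadata"]["name"], name, sorted(found_in)))
    return findings

if __name__ == "__main__":
    for issuer, secret, found_in in misplaced_secrets(SAMPLE["items"]):
        print(f"ClusterIssuer/{issuer}: Secret {secret!r} missing; found in {found_in or 'no namespace'}")
```

If the Cluster Resource Namespace has been changed via the controller flag, pass that namespace as the second argument. An ACME privateKeySecretRef is written by cert-manager itself, so it can be reported as missing until the issuer has registered its account.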
DNS-01 Challenge
Suitable for private domains, because HTTP-01 validators are not able to connect to them.