Certificate Manager#

Note

Secret values used in any of the Helm charts values files on our GitHub repository may be omitted for security reasons. Please audit the Helm charts before trying to install or upgrade to make sure all required information is present.

The Kubernetes cluster running all the different services has cert-manager installed to handle assigning and renewing valid TLS certificates. TLS certificates are required to run HTTPS traffic and add the benefits of establishing trust for online interactions, encrypting data between clients and servers, and helps ensure the integrity of transmitted data.

Installing CRDs#

We installed the cert-manager CustomResourceDefinitions (CRD) with the Helm chart found at this link. Once the CRD is installed we can configure the certificate issuers to use.

Installing ACME issuer#

We utilize Helm once again to install a ClusterIssuer Kubernetes object for our ACME server to issue certificates. The Helm chart that is used to deploy the ACME issuer can be found on our GitHub repository at this link. Once the ACME issuer is installed users can provide the Issuer name, in our case it’s ‘incommon’, to assign and manage their applications certificates.