Skip to content

its4u/cert-manager-routes-controller

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

175 Commits
.github
.github
 
 
charts
charts
 
 
ctrl
ctrl
 
 
img
img
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 

Repository files navigation

cert-manager OpenShift controller

An anti-anxiety pill against certificates renewal nightmares in OpenShift

No more sleep disorders... No more spending nights wondering whether a certificate has expired in your cluster...
The automation power of cert-manager is now unleashed for OpenShift routes 🚀

Requirements

An OpenShift Container Platform cluster with cert-manager installed.

We recommend that you use the cert-manager Operator for RedHat Openshift

Installation (Helm)

  1. Make sure that the chart repository is installed and up-to-date
helm repo add its4u-cm https://its4u.github.io/cert-manager-routes-controller
helm repo update
  1. Install cert-manager-routes-controller
  • In the default cert-manager namespace:
helm upgrade --install cert-manager-routes-controller its4u-cm/cert-manager-routes-controller
  • In a custom <CUSTOM_NS_NAME> namespace:
helm upgrade --install cert-manager-routes-controller its4u-cm/cert-manager-routes-controller \
    --set cert_manager_namespace=<CUSTOM_NS_NAME>

How to use

  1. Create a ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: <CLUSTER_ISSUER_NAME>
spec:
    ...
  1. Annotate the Route that needs to be managed by cert-manager as follows:
annotations:
    cert-manager.io/cluster-issuer: <CLUSTER_ISSUER_NAME>
  1. Sit tight and watch your route's TLS being automatically populated!

On the first certificate issuance, it might take a few minutes for the certificate to be ready. Hence, you might have to wait a little before you see your route being populated 😉

  1. That's it!
    cert-manager will take care of the certificate renewal process.
    Our controller will ensure that your route's TLS is always populated with the correct up-to-date certificate.

Where are the Certificates stored?

All of the Certificates and their respective Secret are stored in the same CERT_MANAGER_NAMESPACE. This allows us to reuse a Certificate cluster-wide and avoid reordering a Certificate that already exists in the cluster.

For instance, we have a route https://example.com/hello in the hello NS and a route https://example.com/world in the world NS. Both of these routes use the same domain, hence only one certificate is required. Therefore, we won't be ordering two certificates. We'll merely use the same one for both routes even though they're in a different namespace.

Take a peek at our Wiki for more information

The cert-manager-routes-controller wiki

About

Automating OpenShift routes' certificates renewal with cert-manager made easy!

its4u.github.io/cert-manager-routes-controller/

Topics

tls kubernetes automation certificate openshift redhat route cert-manager

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

3 forks
Report repository

Releases 13

cert-manager-routes-controller-1.3.0 Latest
Aug 10, 2023
+ 12 releases

Packages

 
 
 

Contributors 2

  •  
  •  

Languages