mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
72 lines
3.5 KiB
Plaintext
72 lines
3.5 KiB
Plaintext
:_mod-docs-content-type: ASSEMBLY
|
|
[id="cert-manager-operator-issuer-acme"]
|
|
= Configuring an ACME issuer
|
|
include::_attributes/common-attributes.adoc[]
|
|
:context: cert-manager-operator-issuer-acme
|
|
|
|
toc::[]
|
|
|
|
[role="_abstract"]
|
|
The {cert-manager-operator} supports using Automated Certificate Management Environment (ACME) CA servers, such as _Let's Encrypt_, to issue certificates. Explicit credentials are configured by specifying the secret details in the `Issuer` API object. Ambient credentials are extracted from the environment, metadata services, or local files which are not explicitly configured in the `Issuer` API object.
|
|
|
|
[NOTE]
|
|
====
|
|
The `Issuer` object is namespace scoped. It can only issue certificates from the same namespace. You can also use the `ClusterIssuer` object to issue certificates across all namespaces in the cluster.
|
|
|
|
.Example YAML file that defines the `ClusterIssuer` object
|
|
[source,yaml]
|
|
----
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: acme-cluster-issuer
|
|
spec:
|
|
acme:
|
|
...
|
|
----
|
|
====
|
|
|
|
[NOTE]
|
|
====
|
|
By default, you can use the `ClusterIssuer` object with ambient credentials. To use the `Issuer` object with ambient credentials, you must enable the `--issuer-ambient-credentials` setting for the cert-manager controller.
|
|
====
|
|
|
|
// About ACME issuers
|
|
include::modules/cert-manager-acme-about.adoc[leveloffset=+1]
|
|
|
|
// Supported ACME challenges types
|
|
include::modules/cert-manager-acme-challenges-types.adoc[leveloffset=+2]
|
|
|
|
// Supported DNS-01 providers
|
|
include::modules/cert-manager-acme-dns-providers.adoc[leveloffset=+2]
|
|
|
|
// Configuring an ACME issuer to solve HTTP01 challenges
|
|
include::modules/cert-manager-acme-http01.adoc[leveloffset=+1]
|
|
|
|
// Configuring an ACME issuer to solve DNS01 challenges by using explicit credentials on AWS
|
|
include::modules/cert-manager-acme-dns01-explicit-aws.adoc[leveloffset=+1]
|
|
|
|
//Configuring an ACME issuer to solve DNS01 challenges by using ambient credentials on AWS
|
|
include::modules/cert-manager-acme-dns01-ambient-aws.adoc[leveloffset=+1]
|
|
|
|
// Configuring an ACME issuer to solve DNS01 challenges by using explicit credentials on GCP
|
|
include::modules/cert-manager-acme-dns01-explicit-gcp.adoc[leveloffset=+1]
|
|
|
|
// Configuring an ACME issuer to solve DNS01 challenges by using ambient credentials on GCP
|
|
include::modules/cert-manager-acme-dns01-ambient-gcp.adoc[leveloffset=+1]
|
|
|
|
// Configuring an ACME issuer to solve DNS01 challenges by using explicit credentials on Microsoft Azure
|
|
include::modules/cert-manager-acme-dns01-explicit-azure.adoc[leveloffset=+1]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_cert-manager-operator-issuer-acme"]
|
|
== Additional resources
|
|
|
|
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-aws-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} for the AWS Security Token Service cluster]
|
|
|
|
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-aws-non-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} on AWS]
|
|
|
|
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-gcp-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} with {gcp-short} Workload Identity]
|
|
|
|
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-gcp-non-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} on {gcp-short}]
|