KubernetesCertificate
Creates a cert-manager Certificate for requesting signed TLS certificates from an Issuer or ClusterIssuer. Each instance manages one Certificate and its corresponding TLS Secret.
What Gets Created
- Certificate -- cert-manager Certificate CR in the specified namespace
- TLS Secret -- Kubernetes Secret containing the signed certificate and private key (created by cert-manager)
Prerequisites
- cert-manager installed on the cluster (via KubernetesCertManager)
- A configured Issuer or ClusterIssuer to sign the certificate
Quick Start
apiVersion: kubernetes.openmcf.org/v1
kind: KubernetesCertificate
metadata:
name: my-app-cert
spec:
namespace:
value: my-app
dnsNames:
- app.example.com
secretName: my-app-tls
issuerRef:
clusterIssuer:
name:
value: example.com
Stack Outputs
| Output | Description |
|---|---|
namespace | Namespace where the Certificate was created |
certificate_name | Name of the Certificate resource |
secret_name | TLS Secret name for Gateway/Ingress/CA Issuer consumption |
Related Components
- KubernetesClusterIssuer -- creates ACME ClusterIssuers for public TLS
- KubernetesIssuer -- creates namespace-scoped Issuers (SelfSigned, CA)
- KubernetesCertManager -- installs the cert-manager controller
Next article
KubernetesCertManager
KubernetesCertManager Installs the cert-manager controller on a Kubernetes cluster for automated TLS certificate management. Handles Helm deployment, CRDs, and optional workload identity configuration. What Gets Created Namespace (optional) -- target namespace for cert-manager ServiceAccount -- with optional workload identity annotations Helm Release -- cert-manager chart with CRDs and DNS resolver configuration Prerequisites A Kubernetes cluster (GKE, EKS, AKS, or any conformant cluster) Quick...