- Introduced a new kustomization.yaml file for cert-manager.
- Configured a patch to modify the cert-manager Deployment to use a custom DNS policy and settings.
- Set dnsPolicy to None and specified custom nameservers and search options.

# cert-manager

X.509 certificate management for Kubernetes using Let's Encrypt.

## Upstream

The `upstream/cert-manager.yaml` file is downloaded from the official cert-manager release:

- Source: https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.yaml
- Version: v1.17.2

To update, download the new version and replace the file.

## DNS Configuration

The upstream cert-manager deployment is patched via a kustomize overlay (`upstream/kustomization.yaml`) to use external DNS resolvers (1.1.1.1, 8.8.8.8) instead of cluster DNS. This is required for ACME DNS-01 challenge verification.
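
A sketch of what such an overlay can look like, added here as an example and not copied from this repository. The resource file name and the patch target (the `cert-manager` controller Deployment in the `cert-manager` namespace) are assumptions, and the search options mentioned in the commit are left out because their values are not shown on this page.

```yaml
# upstream/kustomization.yaml (illustrative sketch, not the repository's actual file)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - cert-manager.yaml   # upstream release manifest (v1.17.2 per this README)

patches:
  # Assumption: only the controller Deployment is patched. The webhook and
  # cainjector Deployments keep the default ClusterFirst DNS policy.
  - target:
      group: apps
      version: v1
      kind: Deployment
      name: cert-manager
      namespace: cert-manager
    patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: cert-manager
        namespace: cert-manager
      spec:
        template:
          spec:
            # "None" makes the kubelet ignore cluster DNS entirely and build
            # the pod's /etc/resolv.conf from dnsConfig alone.
            dnsPolicy: None
            dnsConfig:
              nameservers:
                - 1.1.1.1
                - 8.8.8.8
              # searches/options: values are not given on this page, so omitted.
```

Render it with `kubectl kustomize upstream/` and check the controller pod spec before applying. With `dnsPolicy: None` and only public resolvers, the controller can no longer resolve cluster-internal service names, which matters if any issuer points at an in-cluster endpoint.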

## Maintenance

The `scripts/repair-certificates.sh` script can fix stuck certificates, orphaned ACME orders, and Cloudflare DNS cleanup errors. Run it manually when certificate issuance has issues.