Cert-Manager configuration reference for Lokomotive

Introduction

cert-manager is a Kubernetes service that provisions TLS certificates from Let’s Encrypt and other certificate authorities and manages their lifecycles.

Prerequisites

  • A Lokomotive cluster accessible via kubectl.

Configuration

If you run a cluster enable_aggregation set to false, make sure you disable the webhooks feature, which will not work without aggregation enabled.

cert-manager component configuration example:

component "cert-manager" {
  email = "[email protected]"
  namespace = "cert-manager"
  webhooks = false
}

Attribute reference

Table of all the arguments accepted by the component.

Argument Description Default Type Required
email Email used for certificates to receive expiry notifications. - string true
namespace Namespace to deploy the cert-manager into. cert-manager string false
webhooks Controls if webhooks should be deployed. true bool false
service_monitor Specifies how metrics can be retrieved from a set of services. false bool false

Applying

To apply the cert-manager component:

lokoctl component apply cert-manager

Deleting

To destroy the component:

lokoctl component delete cert-manager --delete-namespace