Background:
Currently we rely on ingress certificate resolvers to create new SSL certificates for ingress routes. This makes it difficult to track the certificate life cycle and debug errors when certificates are issued by cert manager.
AC:
Add an explicit certificate manifest for each ingress route, eg:
To check if a certificate was generated successfully, run kubectl get certificate myproject-domain-com-tls. It will report that is ready, eg:
NAMESPACE NAME READY SECRET AGE
default myproject-domain-com-tls True myproject-domain-com-tls 10m
When you describe the certificate you should see:
Status:
Conditions:
Last Transition Time: 2024-03-15T15:41:09Z
Message: Certificate is up to date and has not expired
Observed Generation: 2
Reason: Ready
Status: True
Type: Ready
Add documentation about how to track certificate status in readme
Background: Currently we rely on ingress certificate resolvers to create new SSL certificates for ingress routes. This makes it difficult to track the certificate life cycle and debug errors when certificates are issued by cert manager.
AC:
Add an explicit certificate manifest for each ingress route, eg:
Reference each certificate by secret name, eg:
To check if a certificate was generated successfully, run
kubectl get certificate myproject-domain-com-tls
. It will report that is ready, eg:When you describe the certificate you should see:
Add documentation about how to track certificate status in readme