Cluster Certificates Setup Guide
This guide will walk you through setting up and using cluster certificates.
:::note
Since this is an advanced feature, it is not covered by TrueCharts support.
:::
Prerequisites
- Ensure you have completed the clusterissuer Setup Guide
- Install the kubernetes-reflector app from the enterprise train
Creating a cluster certificate
In the clusterissuer app settings create a new "Cluster-Wide certificate". As with a single domain certificate, input a cert-manager issuer (for example an ACME issuer you configured previously), a list of hosts for which the certificate is valid (you can use wildcards), and a name you will use to reference it.
:::note
In order for an ACME issuer to issue a wildcard certificate, you need to have a DNS01 challenge solver configured.
:::
After creating the cluster certificate, verify it is working by checking the Application Events created in the clusterissuer app (see how to verify a single app certificate is working for more information).
Using a cluster certificate
After you have verified the certificate was created successfully, edit the settings of the app you wish to use it for and go to the Ingress section.
If you have previously used a single domain certificate from clusterissuer, remove the specified issuer name. Then, click on Show Advanced Settings and add a TLS entry. Enter the name of your cluster certificate, and the certificate host(s) which it will be used for. These are usually the same as your app host(s), unless you wish to use more than one certificate. Save the chart.
:::note
In order for your cluster certificate to show up as valid, the certificate hosts it is used for must match the ones specified when creating it in the clusterissuer app settings. For example, in this case we configure the certificate host jellyfin.example.com, which matches the configured wildcard certificate host (*.example.com).
:::
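The host matching rule from the note above, as an added example that is not part of the original guide or TrueCharts code. It generalizes the single jellyfin.example.com case to the standard TLS wildcard rule (a wildcard covers exactly one left-most label); the function names and all sample hosts other than jellyfin.example.com and *.example.com are assumptions made for illustration.

```python
"""Check which ingress hosts a cluster certificate's host list covers."""


def _normalize(host: str) -> str:
    # DNS names are case-insensitive; drop a trailing root dot.
    return host.strip().lower().rstrip(".")


def host_covered(ingress_host: str, cert_host: str) -> bool:
    """True if cert_host (exact name or '*.' wildcard) covers ingress_host."""
    name, pattern = _normalize(ingress_host), _normalize(cert_host)
    if not name or not pattern:
        return False
    if name == pattern:
        return True
    if not pattern.startswith("*."):
        return False
    # A wildcard stands for exactly one left-most label:
    # '*.example.com' covers 'jellyfin.example.com', but neither the
    # apex 'example.com' nor the deeper 'a.b.example.com'.
    first_label, _, parent = name.partition(".")
    return bool(first_label) and parent == pattern[2:]


def uncovered_hosts(ingress_hosts, cert_hosts):
    """Return the ingress hosts that no certificate host covers."""
    return [h for h in ingress_hosts
            if not any(host_covered(h, c) for c in cert_hosts)]


if __name__ == "__main__":
    # Constructed sample values; only jellyfin.example.com and
    # *.example.com appear in the guide.
    cert_hosts = ["*.example.com"]
    ingress_hosts = [
        "jellyfin.example.com",
        "Jellyfin.Example.com.",
        "example.com",
        "media.apps.example.com",
    ]
    for host in ingress_hosts:
        status = "covered" if not uncovered_hosts([host], cert_hosts) else "NOT covered"
        print(f"{host}: {status}")
```

Hosts reported as not covered need their own entry in the cluster certificate's host list (for example the apex domain alongside the wildcard) before the TLS entry will show as valid.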