cert-issuer

Edit on GitHub /services/cert-issuer
Type Helm
Namespace cert-issuer

Overview

The cert-issuer application creates a cluster issuer for the use of the Rubin Science Platform. It depends on cert-manager. The issuer is named cert-issuer-letsencrypt-dns.

On most clusters where the Rubin Science Platform manages certificates, this is also handled by the Rubin Science Platform Argo CD, but on the base and summit clusters, cert-manager is maintained by IT and installed outside of Argo CD. NCSA clusters use NCSA certificates issued via an internal process.

cert-issuer should only be enabled in environments using Route 53 for DNS and using cert-manager with the DNS solver. For more information, see Hostnames and TLS.

Using cert-issuer

To configure an ingress to use certificates issued by it, add a tls configuration to the ingress and the annotation:

cert-manager.io/cluster-issuer: cert-issuer-letsencrypt-dns

This should be done on one and only one ingress for a deployment using cert-issuer. Currently, this is done on the proxy ingress of the nublado application. In the future, it will probably move to the landing-page application.

Guides