cert-issuer¶
| Edit on GitHub | /services/cert-issuer |
| Type | Helm |
| Namespace | cert-issuer |
Overview
The cert-issuer service creates a cluster issuer for the use of the Rubin Science Platform.
It depends on cert-manager.
The issuer is named cert-issuer-letsencrypt-dns.
On most clusters where the Rubin Science Platform manages certificates, this is also handled by the Rubin Science Platform Argo CD, but on the base and summit clusters, cert-manager is maintained by IT and installed outside of Argo CD. NCSA clusters use NCSA certificates issued via an internal process.
cert-issuer should only be enabled in environments using Route 53 for DNS and using cert-manager with the DNS solver.
For more information, see Hostnames and TLS.
Using cert-issuer
To configure an ingress to use certificates issued by it, add a tls configuration to the ingress and the annotation:
cert-manager.io/cluster-issuer: cert-issuer-letsencrypt-dns
This should be done on one and only one ingress for a deployment using cert-issuer.
The RSP conventionally uses the landing-page service.
Guides