Cluster Issuer
Configuration and usage of ClusterIssuers for TLS certificates.
What is a ClusterIssuer?
A ClusterIssuer is a resource in Kubernetes provided by cert-manager that represents a certificate authority (CA) capable of generating signed certificates. Unlike a regular Issuer, which is namespaced, a ClusterIssuer can be referenced by resources in any namespace. This is perfect for setting up a single "Let's Encrypt" account for the entire cluster to secure your Ingresses with HTTPS.
Official cert-manager Documentation
ACME (Let's Encrypt)
Example of a ClusterIssuer using ACME with the HTTP-01 challenge:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: info@natron.io
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
      - http01:
          ingress:
            class: nginx

You can find additional information in the Cert-Manager section.
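An Ingress in an application namespace that requests its certificate from the letsencrypt-prod ClusterIssuer shown above. This is an added example, not part of the original page; the namespace, host, Service name and Secret name are placeholders.

```yaml
# Added example. demo, demo-app, demo-app-tls and app.example.com are
# placeholders (assumptions), not values from the page.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-app
  namespace: demo
  annotations:
    # Selects the cluster-wide issuer; works from any namespace
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  # Same ingress class the HTTP-01 solver of the ClusterIssuer targets
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      # cert-manager creates this Secret in the Ingress namespace and renews it
      secretName: demo-app-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-app
                port:
                  number: 80
```

For the HTTP-01 challenge to succeed, the host must resolve publicly to the ingress controller and be reachable on port 80.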