...
Underneath, out of Certificate CRD, Cert-Manager creates CertificateRequest CRD which is more suitable for M2M processing as it contains Certificate Singing Signing Request (CSR). CertificateRequest CRD is further on consumed by Issuer which processes CSR stored there and in return puts signed certificate and trusted certs in CertificateRequest's status and marks CertificateReqeust CertificateRequest as Ready. Cert-Manager notices such state change and from CertificateRequest marked as Ready creates K8s secret originally requested in Certificate CRD. Such K8s secret is ready to be mounted to K8s workload as any other secret.
...
| Gliffy | |||||||
|---|---|---|---|---|---|---|---|
|
| Gliffy | ||||
|---|---|---|---|---|
|
As a consequence, all existing usages should be adjusted to use new way and create Certificate CRD instead of calling CertService client as init container.
...