-
Install cert-manager
-
Apply the
cert-manager-spec-update-issue.yaml
file (it's down below) -
Get the certificate
$ k get certificates -n cert-manager-issue server-tls -oyaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"cert-manager.io/v1","kind":"Certificate","metadata":{"annotations":{},"name":"server-tls","namespace":"cert-manager-issue"},"spec":{"dnsNames":["broker-filter.knative-eventing.svc.cluster.local","broker-filter.knative-eventing.svc"],"duration":"2160h","isCA":false,"issuerRef":{"group":"cert-manager.io","kind":"Issuer","name":"selfsigned-ca-issuer"},"privateKey":{"algorithm":"RSA","encoding":"PKCS1","rotationPolicy":"Always","size":2048},"renewBefore":"360h","secretName":"server-tls","secretTemplate":{"labels":{"app.kubernetes.io/component":"server-tls"}},"subject":{"organizations":["local"]}}}
creationTimestamp: "2023-10-11T11:27:28Z"
generation: 1
name: server-tls
namespace: cert-manager-issue
resourceVersion: "153649"
uid: 2a5f4dca-b32a-4653-b636-c2ac4d0a5626
spec:
dnsNames:
- broker-filter.knative-eventing.svc.cluster.local
- broker-filter.knative-eventing.svc
duration: 2160h0m0s
issuerRef:
group: cert-manager.io
kind: Issuer
name: selfsigned-ca-issuer
privateKey:
algorithm: RSA
encoding: PKCS1
rotationPolicy: Always
size: 2048
renewBefore: 360h0m0s
secretName: server-tls
secretTemplate:
labels:
app.kubernetes.io/component: server-tls
subject:
organizations:
- local
status:
conditions:
- lastTransitionTime: "2023-10-11T11:27:34Z"
message: Certificate is up to date and has not expired
observedGeneration: 1
reason: Ready
status: "True"
type: Ready
notAfter: "2024-01-09T11:27:34Z"
notBefore: "2023-10-11T11:27:34Z"
renewalTime: "2023-12-25T11:27:34Z"
revision: 1
As you can see renewBefore
and duration
have different values (equivalent but different since those are technically just YAML strings), the other change is that the field isCA
is not there anymore