Cluster Certificates Setup Guide
This guide will walk you through setting up and using
Since this is an advanced feature, it is not covered by Truecharts support.
- Ensure you have completed the clusterissuer Setup Guide
- Install the
kubernetes-reflectorapp from the
Creating a cluster certificate
In the clusterissuer app settings create a new "Cluster-Wide certificate". As with a single domain certificate, input a cert-manager issuer (for example an ACME issuer you configured previously), a list of hosts for which the certificate is valid (you can use wildcards), and a name you will use to reference it.
In order for an ACME issuer to issue a wildcard certificate, you need to have a DNS01 challenge solver configured.
After creating the cluster certificate, verify it is working by checking the
Application Events created in the
clusterissuer app (see how to verify a single app certificate is working for more information).
Using a cluster certificate
After you have verified the certificate was created successfully, edit the settings of the app you wish to use it for and go to the Ingress section.
If you have previously used a single domain certificate from clusterissuer, remove the specified issuer name. Then, click on Show Advanced Settings and add a TLS entry. Enter the name of your cluster certificate, and the certificate host(s) which it will be used for. These are usually the same as your app host(s), unless you wish to use more than one certificate. Save the chart.
In order for your cluster certificate to show up as valid, the certificate hosts it is used for must match the ones specified when creating it in the clusterissuer app settings. For example, in this case we configure the certificate host
jellyfin.example.com, which matches the configured wildcard certificate host (