Cert-manager
Helm chart
Uninstall helm chart
helm delete --purge oas-test-cert-manager
kubectl delete namespace cert-manager
i.e. for 0.9.1:
kubectl delete -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml
Verify there's no CRDs left:
kc get crd --all-namespaces | grep -v calico
Troubleshooting
Custom debug script:
~/bin/custom/k8s_debug_cert_manager.sh
cmctl status certificate --namespace matrix matrix.varac.net
Alternatives to letsencrypt
ZeroSSL
Features:
- No rate limit
- ZeroSSL pricing: 3 90-Day Certificates for free, unlimited for 10$/month
- ZeroSSL vs Let's Encrypt
Cert-manager + ZeroSSL resources:
API
curl https://api.zerossl.com/certificates\?access_key=$zerossl_api_key
ZeroSSL issues
Reuse / recovery of ExternalAccountBinding based account #2882
See also Fix ZeroSSL configuration and Reuse / recovery of ExternalAccountBinding based account
Solution: Generate new EAB credentials per cluster