Can kubernetes cert-manager import existing certificate

3/4/2022

Just want to know if kubernetes's add-on cert-manager can import existing certificate, as i just want to have certificate import into the cluster and work in all namespaces.

-- Siki shen
cert-manager
kubernetes

1 Answer

3/4/2022

Short answer: Yes, you can import existing certificates into the cluster.

Longer answer: Assuming you've done all the usual stuff to generate a certificate from a known CA like Symantec, Entrust, etc. You need to do the following:

  1. Take the private key you used to generate the original certificate signing request for the certificate (e.g. domain.pem), and the actual certificate itself (e.g domain.crt)
  2. Generate a secret from those files
$ kubectl create secret generic domain-tls \
  --from-file=tls.key=domain.pem \
  --from-file=tls.crt=domain.crt

If all goes well, the ingress controller should serve that certificate

-- Blender Fox
Source: StackOverflow