I was investigating certain things things about cert-manager
.
TLS certificates
are automatically recreated by cert-manager.
I need to somehow deregister a domain / certificate from being regenerated. I guess I would need to tell cert-manager not to take care about a given domain anymore.
I do not have any clue how to do that right now. Can someone help?
cert-manager
is an application implemented using the operator pattern.
In one sentence, it watches for a Custom Resource
(CR
for short) named Certificate
in the Kubernetes API and it creates and updates Secrets
resources to store certificate data.
If you delete the Secret
resource but don't delete the Certificate
CR, cert-manager
will recreate the secret for you.
The right way of "deregister a domain" or to better say it "make cert-manager not generate a certificate for a domain any more" is to delete the Certificate
CR related to your domain.
To get a list of all the Certificate
CRs in your cluster you can use kubectl
kubectl get certificate -A
When you found the Certificate
related to the domain you want to delete, simply delete it
kubectl -n <namespace> delete certificate <certificate name>
Once you deleted the certificate CR, you might also want to delete the Secret
containing the TLS cert one more time. This time cert-manager
will not recreate it.