SSL Certificates

Default Certificates

By default, there will always be at least one hostname field created that is associated with your cluster (in GCP it is auto-generated, but with other cloud providers, your customer provides the information). Metamanagement uses LetsEncrypt to generate TLS certificates for this and other hostnames using jetstack/cert-manager.

These default TLS certificates are available in a secret named, metamanagement-tls-secret .

Hostname Custom Fields

Vendors also have the ability to ask their customers to specify additional hostnames (i.e. to add specify different hostnames for different services). Metamanagement will also generate TLS certificates for those services.

For any hostname custom field named mm_custom_<field_name>, Metamanagement generates TLS certificates in a secret named mm-custom-<field-name>-tls. Note that since all Kubernetes objects must be valid domain names, the _ characters in the field name are all replaced with - characters.