ArcGIS Enterprise on Kubernetes supports using a TLS certificate that is issued and managed by Kubernetes cert-manager.
Kubernetes cert-manager is a certificate management controller that is native to Kubernetes and helps to issue, manage, and renew certificates from a variety of sources. While you do not need to deploy cert-manager to the same namespace as ArcGIS Enterprise, the certificate issued by cert-manager must reside in the same namespace as ArcGIS Enterprise. The certificate is stored in a TLS secret that can be referenced during the deployment process or after an organization is created.
To update the ingress controller to use a certificate in the TLS secret, do the following in ArcGIS Enterprise Manager:
- Sign in to ArcGIS Enterprise Manager.
- Click the Security page.
- Click the TLS certificates tab on the Security page.
- Click the TLS secret tab.
- Provide a name for the TLS secret.
- Click Submit to save your changes.
A new ingress controller pod is generated automatically and the existing one is removed. The active TLS secret assignment is displayed on the Security > Overview page of ArcGIS Enterprise Manager.
When the TLS certificate that is stored in the TLS secret is about to expire, Kubernetes cert-manager automatically renews and updates the certificate. No additional updates or changes byArcGIS Enterprise are needed to use the renewed certificate.