This message was deleted.

I'm busy creating a blog on my portfolio on how to set up a raspberry pi cluster using k3s, where everything is described from flashing your SD-card to deploying your first .NET 6 webapp with automated TLS-certificates using Cert-Manager and Let's Encrypt. Not sure if that would meet your requirements? A lot of topics you're describing aren't handled, since the format is more of a hands-on, that I created for my own backup, but people requested me to publish it.

@kind-nightfall-56861 I’m not able to use Let’s Encrypt due to intranet policies. Is it possible to manage also k3s’s certificates using cert-manager? I would ideally want to centralize all certificate management.

From what I understood, cert-manager is a form of orchestrator too manage certs, not an authority. Meaning that CM is not able to give you certs on its own, it needs a certifitate authority that hands out signed certificates, for example, Lets Encrypt

Basically I’m limited to self-signed certificates.

Tried this? https://cert-manager.io/docs/configuration/selfsigned/

@kind-nightfall-56861 Yes, I read that page. However, I’m trying to figure out how to use cert-manager for all certs - or if it’s even possible. Currently k3s issues it’s own certs, but I’m wondering if I can somehow configure cert-manager to issue the certs also for k3s (api server, kubelets, etc.). Should I just configure same self-generated CA for cert-manager and k3s (ref: https://kubernetes.io/docs/setup/best-practices/certificates/#single-root-ca https://github.com/k3s-io/k3s/issues/1868). Kind of at lost how could/should I configure so that a single CA is used for all issued certs in my k3s setup (including k3s components, Traefik, etc.).

Ooh, I havent looked into that yet. I'm still using the 'insecure' certs from k3s, lmk when you find an answer