CertManagerExtensions
Class static net8.0
Provides extension methods for installing cert-manager into a Kubernetes environment and declaring
ClusterIssuer resources against it. namespace Aspire.Hosting;
public static class CertManagerExtensions{ // ...} 10 members
Methods10
Section titled MethodsAddCertManager(IResourceBuilder<KubernetesEnvironmentResource>, string, string?)extensionats exportIResourceBuilder<CertManagerResource> Installs cert-manager into the Kubernetes environment and returns a typed
CertManagerResource that can host issuer resources. AddIssuer(IResourceBuilder<CertManagerResource>, string)extensionats exportIResourceBuilder<CertManagerIssuerResource> Adds a cert-manager
ClusterIssuer to this cert-manager installation. WithAcmeServer(IResourceBuilder<CertManagerIssuerResource>, string, string)extensionats exportIResourceBuilder<CertManagerIssuerResource> Configures the issuer to use a custom ACME directory endpoint (e.g., a private ACME server such as ZeroSSL or step-ca).
WithAcmeServer(IResourceBuilder<CertManagerIssuerResource>, string, IResourceBuilder<ParameterResource>)extensionats exportIResourceBuilder<CertManagerIssuerResource> Configures the issuer to use a custom ACME directory endpoint with a parameterized email.
WithHttp01Solver(IResourceBuilder<CertManagerIssuerResource>)extensionats exportIResourceBuilder<CertManagerIssuerResource> Adds an HTTP-01 ACME challenge solver to the issuer. cert-manager will satisfy the challenge by provisioning a temporary HTTP route at
/.well-known/acme-challenge/{token} on the same hostname being validated. This requires the hostname to be publicly reachable on port 80. WithLetsEncryptProduction(IResourceBuilder<CertManagerIssuerResource>, string)extensionats exportIResourceBuilder<CertManagerIssuerResource> Configures the issuer to use the Let's Encrypt production ACME endpoint.
WithLetsEncryptProduction(IResourceBuilder<CertManagerIssuerResource>, IResourceBuilder<ParameterResource>)extensionats exportIResourceBuilder<CertManagerIssuerResource> Configures the issuer to use the Let's Encrypt production ACME endpoint, with the contact email supplied via a parameter resolved at deploy time.
WithLetsEncryptStaging(IResourceBuilder<CertManagerIssuerResource>, string)extensionats exportIResourceBuilder<CertManagerIssuerResource> Configures the issuer to use the Let's Encrypt staging ACME endpoint. Certificates issued from staging are not trusted by browsers, but the endpoint has much higher rate limits, making it the right choice for development and CI workflows.
WithLetsEncryptStaging(IResourceBuilder<CertManagerIssuerResource>, IResourceBuilder<ParameterResource>)extensionats exportIResourceBuilder<CertManagerIssuerResource> Configures the issuer to use the Let's Encrypt staging ACME endpoint, with the contact email supplied via a parameter resolved at deploy time.
WithTls(IResourceBuilder<KubernetesGatewayResource>, IResourceBuilder<CertManagerIssuerResource>)extensionats exportIResourceBuilder<KubernetesGatewayResource> Adds an HTTPS listener to the gateway and wires it to the supplied cert-manager
ClusterIssuer. This adds the cert-manager.io/cluster-issuer annotation to the generated Gateway resource, causing cert-manager to provision and renew a certificate for each gateway listener hostname.