Skip to content

Configuring a custom certificate class for a Service

When external-domain-tls is enabled and Knative Services are created, a certificate class (certificate-class) is automatically chosen based on the value in the config-network ConfigMap located inside the knative-serving namespace. This ConfigMap is part of Knative Serving installation. If the certificate class is not specified, this defaults to After certificate-class is configured, it is used for all Knative Services unless it is overridden with a certificate-class annotation.

Using the certificate class annotation

Generally it is recommended for Knative Services to use the default certificate-class. However, in scenarios where there are multiple certificate providers, you might want to specify different certificate class annotations for each Service.

You can configure each Service to use a different certificate class by specifying the annotation.

To add a certificate class annotation to a Service, run the following command:

kubectl annotate kservice <service-name><certificate-provider>

  • <service-name> is the name of the Service that you are applying the annotation to.
  • <certificate-provider> is the type of certificate provider that is used as the certificate class for the Service.

We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.

× OK