Configuring a custom certificate class for a Service¶
When autoTLS is enabled and Knative Services are created, a certificate class (
certificate.class) is automatically chosen based on the value in the
config-network ConfigMap located inside the
knative-serving namespace. This ConfigMap is part of Knative Serving installation. If the certificate class is not specified, this defaults to
certificate.class is configured, it is used for all Knative Services unless it is overridden with a
Using the certificate class annotation¶
Generally it is recommended for Knative Services to use the default
certificate.class. However, in scenarios where there are multiple certificate providers, you might want to specify different certificate class annotations for each Service.
You can configure each Service to use a different certificate class by specifying the
To add a certificate class annotation to a Service, run the following command:
kubectl annotate kservice <service-name> networking.knative.dev/certifcate.class=<certificate-provider>
<service-name>is the name of the Service that you are applying the annotation to.
<certificate-provider>is the type of certificate provider that is used as the certificate class for the Service.