include documentation about certificate class annotation (#4272)

* include documentation about certificate class annotation * fix mispelling * Update docs/developer/serving/services/certificate-class.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/developer/serving/services/certificate-class.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/developer/serving/services/certificate-class.md Co-authored-by: Samia Nneji <snneji@vmware.com> Co-authored-by: Omer B <obensaadon@vmware.com> Co-authored-by: Samia Nneji <snneji@vmware.com>
2021-09-30 12:25:45 -04:00 · 2021-09-30 12:25:45 -04:00 · 8c0741c5e2
parent ffb93b29f5
commit 8c0741c5e2
2 changed files with 21 additions and 1 deletions
--- a/config/nav.yml
+++ b/config/nav.yml
@ -69,7 +69,8 @@ nav:
            - Creating a Service: developer/serving/services/creating-services.md
            - Service metrics: developer/serving/services/service-metrics.md
            - Configuring private Services: developer/serving/services/private-services.md
-            - Configuring Services custom ingress class: developer/serving/services/ingress-class.md
+            - Configuring ingress class: developer/serving/services/ingress-class.md
+            - Configuring certificate class: developer/serving/services/certificate-class.md
            - Configuring custom domains: developer/serving/services/custom-domains.md
            - Using a custom TLS certificate for DomainMapping: developer/serving/services/byo-certificate.md
            - Configure resource requests and limits: developer/serving/services/configure-requests-limits-services.md
--- a/docs/developer/serving/services/certificate-class.md
+++ b/docs/developer/serving/services/certificate-class.md
@ -0,0 +1,19 @@
+# Configuring a custom certificate class for a Service
+
+When autoTLS is enabled and Knative Services are created, a certificate class (`certificate.class`) is automatically chosen based on the value in the `config-network` ConfigMap located inside the `knative-serving` namespace. This ConfigMap is part of Knative Serving installation. If the certificate class is not specified, this defaults to `cert-manager.certificate.networking.knative.dev`. After `certificate.class` is configured, it is used for all Knative Services unless it is overridden with a `certificate.class` annotation.
+
+## Using the certificate class annotation
+
+Generally it is recommended for Knative Services to use the default `certificate.class`. However, in scenarios where there are multiple certificate providers, you might want to specify different certificate class annotations for each Service.
+
+You can configure each Service to use a different certificate class by specifying the `networking.knative.dev/certificate.class` annotation.
+
+To add a certificate class annotation to a Service, run the following command:
+```bash
+kubectl annotate kservice <service-name> networking.knative.dev/certifcate.class=<certificate-provider>
+```
+Where:
+
+- `<service-name>` is the name of the Service that you are applying the annotation to.
+- `<certificate-provider>` is the type of certificate provider that is used as the certificate class for the Service.
+