What is cert-manager?
cert-manager is a powerful, general-purpose certificate management controller for Kubernetes. Since it first became available as an open source project it has become hugely successful by helping cloud native platform teams to easily automate TLS certificates for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.
A major use-case is the automated issuance and renewal of Let’s Encrypt certificate, using ACME, to secure Ingress with TLS. Built with extensibility from the beginning, cert-manager can also be further used for a wide range of use cases in which automated X.509 certificates are required. For instance, it can be integrated with a private PKI issuer to secure internal pod-to-pod communications using mTLS. cert-manager is increasingly used by organisations in conjunction with their preferred internal PKI when deploying service mesh solutions, such as Istio.
As a foundational component in the cloud native stack, Jetstack donated cert-manager to the CNCF Sandbox in 2020. Jetstack remains the main contributor and maintainer of the project and continues to manage the overall development roadmap in conjunction with the project’s huge community of developers.