cert-manager open source project

X.509 certificate management for Kubernetes and OpenShift

Star Fork

What is cert-manager?

cert-manager is a powerful, general-purpose certificate management controller for Kubernetes. Since it first became available as an open source project it has become hugely successful by helping cloud native platform teams to easily automate TLS certificates for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.

A major use-case is the automated issuance and renewal of Let’s Encrypt certificate, using ACME, to secure Ingress with TLS. Built with extensibility from the beginning, cert-manager can also be further used for a wide range of use cases in which automated X.509 certificates are required. For instance, it can be integrated with a private PKI issuer to secure internal pod-to-pod communications using mTLS. cert-manager is increasingly used by organisations in conjunction with their preferred internal PKI when deploying service mesh solutions, such as Istio.

cert-manager development

As a foundational component in the cloud native stack, Jetstack donated cert-manager to the CNCF Sandbox in 2020. Jetstack remains the main contributor and maintainer of the project and continues to manage the overall development roadmap in conjunction with the project’s huge community of developers.

Alert Graphic
In 2020, the Jetstack team proudly donated cert-manager to the CNCF Sandbox. You can read more about that here.

We’re also working on

Extending the core value of the cert-manager open source project.

Find out more

Get started with Jetstack

Enquire about Subscription

Contact us