KubeCon + CloudNativeCon Europe 2023

Rotate Roots Right Round: Using cert-manager for Safer Private PKI

Ashley Davis

There are plenty of benefits when you control your own certificate authority (CA), whether for just one Kubernetes cluster or for your whole organization.

Putting a service mesh into production might require rolling your own CA, for example, but there are other use cases where a private PKI makes sense to avoid the headaches of rate limits, issuance costs or relying on third-party services.

Luckily for us, the concepts behind Public Key Infrastructure (PKI) have been around since at least the 70s, and there’s a tonne to learn from existing PKI deployments which we can apply to today’s cloud native landscape.

Plus, cert-manager is here to help!

In this talk we’ll discuss how to use cert-manager to safely deploy a private PKI at organizational scale and some of the things we need to think about to ensure that we can run it smoothly - without causing a major outage down the road by failing to plan for rotation!
