cert-manager is a new project, built to replace kube-lego and make x509 certificates first class citizens in Kubernetes. Using custom resource definitions to introduce the concept of Issuers into a cluster, end-users can request signed TLS certificates from an ACME server (e.g. Let’s Encrypt), a signing key pair, Hashicorp Vault, or your organisations custom CA through its extensible design.
This talk presents cert-manager and demonstrates its new features over its predecessor, and specifically our approach to migrate thousands of users from kube-lego to the new custom resource backed system, without hindering future cert-manager functionality or effecting production users. At the end, we’ll go over the roadmap and future plans for the project, as well as how you can get involved!
|Event||KubeCon Europe 2018|