Cert-Manager
cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It obtains certificates from a variety of issuers, including Let's Encrypt, HashiCorp Vault, and Venafi, and ensures certificates are valid and up-to-date, attempting to renew them before expiry. It supports certificate issuance for Ingress, Gateway API, and arbitrary workloads via Certificate resources.
APIs
cert-manager Kubernetes API
The cert-manager API extends the Kubernetes API with custom resources including Certificate, Issuer, ClusterIssuer, CertificateRequest, and Order. These resources allow declarat...
cert-manager CLI (cmctl)
cmctl is the command-line tool for managing cert-manager resources. It provides commands for checking certificate status, manually triggering renewals, approving or denying cert...
trust-manager
trust-manager is a cert-manager companion project for managing TLS trust bundles in Kubernetes and OpenShift clusters. It distributes CA bundles via a Bundle custom resource to ...
cert-manager approver-policy
approver-policy is a cert-manager policy plugin that automatically approves or denies CertificateRequest resources based on defined CertificateRequestPolicy custom resources. It...
cert-manager csi-driver
csi-driver is a Kubernetes Container Storage Interface plugin that works alongside cert-manager to seamlessly request and mount certificate key pairs as ephemeral volumes direct...
cert-manager csi-driver-spiffe
csi-driver-spiffe is a Kubernetes CSI plugin that works alongside cert-manager to transparently deliver SPIFFE SVIDs as X.509 certificate key pairs to mounted pods using ephemer...