Cert Manager
License: Apache 2.0
We use Cert Manager to automate the management and issuance of TLS certificates from various issuing sources. It ensures that certificates are valid and up to date and attempts to renew certificates at a configured time before expiry.
Usage
Our primary usage of Cert Manager is to request certificates by creating a Certificate resource in Kubernetes. Cert Manager then automatically creates and renews certificates based on this resource specification. The tool also plays a crucial role in securing communication within our applications.
Links
- Documentation:
  - General Documentation: https://cert-manager.io/docs/
  Note: Make sure to select the version of the documentation you need in the top right.
- Helm:
  - Releases: https://hub.helm.sh/charts/jetstack/cert-manager
  - Helm Documentation: https://cert-manager.io/docs/installation/helm/
- Implementation:
  - eks-cluster: Install Cert Manager
  - cert-manager-policies: A helm chart to install cluster-wide certificate policies: https://code.vt.edu/it-common-platform/platform-support/helm-charts/cert-manager-policies/
Update Concerns
Critical Concerns
- Any interruption of Cert Manager can cause certificates not to renew on time, leading to service outages due to expired certificates.
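An added example, not part of the original page or the platform's own tooling: a post-update check that flags Certificate resources that have stopped renewing, using the `notAfter`, `renewalTime` and `Ready` condition fields of the Certificate status. The sample data, the one-hour grace period and the finding labels are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `kubectl get certificates -A -o json`
# (cert-manager.io/v1). Namespaces, names and timestamps are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "app-a", "name": "web-tls"},
   "status": {"notAfter": "2024-10-01T00:00:00Z", "renewalTime": "2024-09-01T00:00:00Z",
              "conditions": [{"type": "Ready", "status": "True"}]}},
  {"metadata": {"namespace": "app-b", "name": "api-tls"},
   "status": {"notAfter": "2024-08-20T00:00:00Z", "renewalTime": "2024-07-21T00:00:00Z",
              "conditions": [{"type": "Ready", "status": "True"}]}},
  {"metadata": {"namespace": "app-c", "name": "old-tls"},
   "status": {"notAfter": "2024-08-05T00:00:00Z", "renewalTime": "2024-07-06T00:00:00Z",
              "conditions": [{"type": "Ready", "status": "False"}]}},
  {"metadata": {"namespace": "app-d", "name": "new-tls"},
   "status": {"conditions": [{"type": "Ready", "status": "False"}]}}
]}
""")
NOW = datetime(2024, 8, 10, tzinfo=timezone.utc)  # fixed clock for the sample


def _ts(value):
    # Kubernetes serialises timestamps as RFC 3339 in UTC, e.g. 2024-08-20T00:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(cert_list, now, grace=timedelta(hours=1)):
    """Return (namespace/name, finding) for each Certificate that needs attention."""
    findings = []
    for item in cert_list.get("items", []):
        ref = "{}/{}".format(item["metadata"]["namespace"], item["metadata"]["name"])
        status = item.get("status", {})
        ready = any(c.get("type") == "Ready" and c.get("status") == "True"
                    for c in status.get("conditions", []))
        not_after, renewal = status.get("notAfter"), status.get("renewalTime")
        if not not_after:
            findings.append((ref, "never issued"))
        elif _ts(not_after) <= now:
            findings.append((ref, "expired"))
        elif renewal and now - _ts(renewal) > grace:
            findings.append((ref, "renewal overdue"))  # still valid, but not renewed on schedule
        elif not ready:
            findings.append((ref, "not ready"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit(SAMPLE, NOW):
        print(ref, finding)
```

Against a live cluster, pass the parsed output of `kubectl get certificates -A -o json` and `datetime.now(timezone.utc)` instead of the sample and the fixed clock.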
General Concerns
- Changes in Certificate Authorities (CAs) or disruptions to external issuers can lead to failures in issuing certificates.
- Inaccurate configurations in Certificate resources can lead to issues with certificate issuance. Ensure that configurations align with the requirements of the chosen issuer.