Cert Manager

Cert Manager

License: Apache 2.0

We use Cert Manager to automate the management and issuance of TLS certificates from various issuing sources. It ensures that certificates are valid and up to date and attempts to renew certificates at a configured time before expiry.

Usage

Our primary usage of Cert Manager is to request certificates by creating a Certificate resource in Kubernetes. Cert Manager will then automatically create and renew certificates based on this resource specification. The tool also plays a crucial role in ensuring secured communication within our applications.

Links

• Code: https://github.com/jetstack/cert-manager

• Releases: https://github.com/jetstack/cert-manager/releases

• Documentation:

  • General Documentation: https://cert-manager.io/docs/

Note

Make sure to select the version of the documentation you need in the top right.

• Helm:

  • Releases: https://hub.helm.sh/charts/jetstack/cert-manager
  • Helm Documentation: https://cert-manager.io/docs/installation/helm/

• Implementation:

  • eks-cluster: Install Cert Manager

  https://code.vt.edu/it-common-platform/infrastructure/eks-cluster/-/blob/main/cluster-bootstrap/cert-manager.tf

  • cert-manager-policies: A helm chart to install cluster-wide certificate policies

  https://code.vt.edu/it-common-platform/platform-support/helm-charts/cert-manager-policies/

Update Concerns

Critical Concerns

• Any Interruption of the Cert Manager can potentially cause certificates not to renew on time, leading to service outages due to expired certificates.

General Concerns

• Changes in Certificate Authorities (CAs) or disruptions to external issuers can lead to failures in issuing certificates.
• Inaccurate configurations in Certificate resources can lead to issues with certificate issuance. Ensure that configurations align with the requirements of the chosen issuer.