cert-manager
cert-manager
provides a Kubernetes operator for automating management of X.509 certificates originally developed by Jetstack.
Objects
Issuer
Issuers define sources from which certificates can be obtained. There are a number of types:
selfSigned
specifies a self-signed CA. The self-signed CA certificate can be generated.acme
specifies an ACME-compatible endpoint and a solver configuration for the ACME challenge.ca
specifies a secret containing a certificate from which issued certificates will be chained.vault
specifies a HashiCorp Vault (Private) CAvenafi
allows using Venafi Cloud as a CA.
ClusterIssuer
The Issuer object is namespace-scoped. To issue certificates across all namespaces, use the ClusterIssuer instead.
Certificate
Certificates define desired X.509 certificates which should be automatically renewed.
CertificateRequest
CertificateRequests are issued by cert-manager
in response to the creation, edit or approaching expiration of a Certificate. They contain the X.509 certificate request that will be sent to the issuer. Typically these are to be consumed and manipulated by machines, not humans.
Order
Orders are used to track the lifecycle of an ACME certificate "order". One Order will be created for each CertificateRequest referencing an ACME issuer.
Challenge
Challenges are used to represent ACME challenges required for the authorisation process confirming ownership of a given DNS name.
ingress-shim
The Ingress Shim component automates creation of Certificates for Ingress resources via an annotation specifying the Issuer to use to obtain certificates.
Backlinks