cert-manager: Automating TLS Certificates on Kubernetes

Shriira Press

Preface

Never let a certificate expire again — automate TLS issuance and renewal on Kubernetes with free Let's Encrypt certs.

Welcome to cert-manager: Automating TLS Certificates on Kubernetes.

cert-manager is the standard way to automate TLS certificates on Kubernetes: declare the certificate you want and it requests, validates, stores, and renews it for you — retiring the expired-certificate outage for good. This free book teaches it from first principles: just enough TLS and PKI to be dangerous, cert-manager's operator architecture and CRDs, Issuers and ClusterIssuers, the Certificate resource and its lifecycle, the ACME protocol with HTTP-01 and DNS-01 challenges, automatic HTTPS through Ingress annotations, private CAs and Vault for internal services and mTLS, a systematic troubleshooting method, and the practices that keep certificate automation reliable and secure. Ten focused chapters with real manifests and clear diagrams that take you from concepts to hands-off HTTPS everywhere.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, and use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

  1. Chapter 1 — What cert-manager Is
  2. Chapter 2 — TLS and PKI Basics
  3. Chapter 3 — Architecture and Resources
  4. Chapter 4 — Issuers and ClusterIssuers
  5. Chapter 5 — The Certificate Resource
  6. Chapter 6 — ACME and Domain Validation
  7. Chapter 7 — Ingress Integration and Automatic TLS
  8. Chapter 8 — Private CAs and Other Issuers
  9. Chapter 9 — Troubleshooting
  10. Chapter 10 — Best Practices and Putting It Together