cert-manager Reference

Contents

• Resources
• Installation
• Backup
• Commands
• Frequently Asked Questions
  • What’s the difference between an Issuer and a ClusterIssuer?

Resources

• cert-manager tagged releases
• cert-manager supported releases (includes supported kubernetes versions)
• cert-manager release notes
• cert-manager upgrade instructions
• cert-manager API Reference: latest
• cert-manager Documentation: latest
• cert-manager GitHub Repository
• cmctl command line tool documentation

Installation

A helm chart is available, but I chose to apply the cert-manager definitions directly by first downloading the YAML manifest file from the GitHub release page, modifying it as needed, and applying directly.

The official installation instructions for kubernetes essentially boil down to:

• create cert-manager namespace
• disable validation (just for cert-manager namespace)
• apply the install manifest
• verify install by creating self-signed certificate

Backup

$ kubectl get --all-namespaces -oyaml issuer,clusterissuer,cert > backup.yaml

Commands

Check on cert-manager Pods:

kubectl get pods -n cert-manager --watch

Frequently Asked Questions

What’s the difference between an Issuer and a ClusterIssuer?

Roughly, a ClusterIssuer can issue certificates across namespaces.