cert-manager Reference

Kip Landergren

August 15, 2019 (Updated: November 07, 2023)

My cheat sheet for cert-manager covering helpful resources, kubernetes cluster installation, and common kubectl commands.

Resources
Installation
Backup
Commands
Frequently Asked Questions
- What’s the difference between an Issuer and a ClusterIssuer?

Resources

cert-manager tagged releases
cert-manager supported releases (includes supported kubernetes versions)
cert-manager release notes
cert-manager upgrade instructions
cert-manager API Reference: latest
cert-manager Documentation: latest
cert-manager GitHub Repository
cmctl command line tool documentation

Installation

A helm chart is available, but I chose to apply the cert-manager definitions directly by first downloading the YAML manifest file from the GitHub release page, modifying it as needed, and applying directly.

The official installation instructions for kubernetes essentially boil down to:

create cert-manager namespace
disable validation (just for cert-manager namespace)
apply the install manifest
verify install by creating self-signed certificate

Backup

$ kubectl get --all-namespaces -oyaml issuer,clusterissuer,cert > backup.yaml

Commands

Check on cert-manager Pods:

kubectl get pods -n cert-manager --watch

Frequently Asked Questions

What’s the difference between an Issuer and a ClusterIssuer?

Roughly, a ClusterIssuer can issue certificates across namespaces.