
Cert-Manager Beyond Ingress – Exploring the Variety of Use Cases

Authors: Matthew Bates


Summary

cert-manager is a tool that automates the issuance and management of TLS certificates in Kubernetes clusters, and it can be used for a range of use cases beyond ingress.
  • cert-manager can be used to create certificates for client authentication with MySQL.
  • The cert-manager CSI driver can be used to provide a unique key and certificate for each application.
  • cert-manager can be used to secure Kubernetes webhooks.
  • cert-manager can be used to provision certificates for Kubernetes nodes.
  • cert-manager supports various issuers and will support the Kubernetes certificates API in the next release.
cert-manager can be used to create certificates for client authentication with MySQL. A blog post by one of the team members explains how to use cert-manager for this purpose. This makes it easy to manage certificate resources for applications, and cert-manager automatically renews the certificates when needed. The CSI driver can also be used to provide a unique key and certificate for each application, making it easy to obtain those identities. Each pod can therefore have its own unique identity, obtained at application runtime. cert-manager can also be used to secure Kubernetes webhooks, which are used for dynamic admission control. Finally, cert-manager can be used to provision certificates for Kubernetes nodes; it supports various issuers and will support the Kubernetes certificates API in the next release.
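
As an added illustration (not taken from the talk or from the cert-manager project's own material), the manifests below contrast the two approaches the summary mentions: a `Certificate` resource that issues a client-authentication certificate into a Secret, and a pod that receives its own key and certificate from the cert-manager CSI driver. The resource names, namespace, image and the `internal-ca` issuer are assumptions.

```yaml
# Constructed example; names, namespace, image and issuer are assumptions.
# 1) Client certificate for a MySQL user, stored in a Secret and renewed
#    by cert-manager before expiry.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mysql-client
  namespace: app
spec:
  secretName: mysql-client-tls   # Secret receives tls.crt and tls.key
  commonName: app-user           # subject the database account can be tied to
  duration: 2160h                # 90 days
  renewBefore: 360h              # renew 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always       # new key on every renewal
  usages:
    - client auth                # no server auth: client identity only
  issuerRef:
    name: internal-ca
    kind: Issuer
---
# 2) Per-pod identity via the CSI driver: the key is generated on the node
#    for this pod and is not written to a Secret.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
      volumeMounts:
        - name: tls
          mountPath: /tls
          readOnly: true
  volumes:
    - name: tls
      csi:
        driver: csi.cert-manager.io
        readOnly: true
        volumeAttributes:
          csi.cert-manager.io/issuer-name: internal-ca
          csi.cert-manager.io/issuer-kind: Issuer
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
```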

Abstract

cert-manager is a widely used project for the automation of X.509 TLS certificates. In 2020, it reached 1.0 and landed in the CNCF Sandbox. cert-manager has been popularised by its support of ACME and Ingress, enabling many millions of certificates to be issued and renewed, and helping to secure the cloud native web with Kubernetes and all the various ingress controllers. But cert-manager, with its custom resources and controllers, extensible with issuers including those out-of-tree, can also be used for a myriad of other use cases in which certificates are required. This talk will walk through the various use cases for cert-manager, including ingress, control plane and nodes (kubeadm, CAPI), webhooks, intra-service mTLS (cert-manager-csi) and service mesh (OpenServiceMesh, Istio).
