Manage Lets Encrypt certificates for a Kubernetes cluster.
Go Shell
Latest commit c6bf607 Feb 10, 2017 @luna-duclos luna-duclos committed on GitHub Fix broken link to AWS codebuild docs

Kubernetes Certificate Manager

This project is loosely based on It took over most of its documentation, license, as well as the general approach to how things work.

The code itself however, was entirely reimplemented to use xenolf/lego as the basis instead of reimplemented an ACME client + dns plugins


  • Manage Kubernetes TLS secrets backed by Let's Encrypt issued certificates.
  • Manage Let's Encrypt issued certificates based on Kubernetes ThirdParty Resources.
  • Manage Let's Encrypt issued certificates based on Kubernetes Ingress Resources.
  • Domain validation using ACME HTTP-01, SNI-TLS-01 or DNS-01 challenges.
  • Support for multiple challenge providers.

Project Goals

  • Demonstrate how to build custom Kubernetes controllers.
  • Demonstrate how to use Kubernetes Third Party Resources.
  • Demonstrate how to interact with the Kubernetes API (watches, reconciliation, etc).
  • Demonstrate how to write great documentation for Kubernetes add-ons and extensions.
  • Promote the usage of Let's Encrypt for securing web applications running on Kubernetes.


  • Kubernetes 1.3+
  • At least one configured challenge provider
  • A Kubectl with the same 1.x version as your cluster (ie. kubectl 1.3.x for a 1.3 cluster, and kubectl 1.4.x for a 1.4 cluster)