Skip to content
Go to file

Latest commit

Luna Duclos
I've switched over to cert-manager, as have most contributors, so I think it's time to add this notice as the project is getting very little love

Git stats


Failed to load latest commit information.

Kubernetes Certificate Manager

Deprecation notice: This project is deprecated in favor of cert-manager

This project is loosely based on It took over most of its documentation, license, as well as the general approach to how things work.

The code itself however, was entirely reimplemented to use xenolf/lego as the basis, instead of reimplementing an ACME client and DNS plugins.


Please note: This is the documentation for the currently in development version of kcm, please refer to v0.4.0 for documentation for the latest stable version

Special note for upgrading from earlier versions

If you are upgrading from a version before 0.5.0 then note that the default way to identify Ingress resources to be managed by the certificate manager has changed, from the enabled annotation, to the class label. Backwards compatible behaviour is available by setting the -class argument to a blank value.


  • Manage Kubernetes TLS secrets backed by Let's Encrypt issued certificates.
  • Manage Let's Encrypt issued certificates based on Kubernetes ThirdParty Resources.
  • Manage Let's Encrypt issued certificates based on Kubernetes Ingress Resources.
  • Domain validation using ACME HTTP-01, SNI-TLS-01 or DNS-01 challenges.
  • Support for multiple challenge providers.
  • Support for subject alternative names in requested certificates.

Project Goals

  • Demonstrate how to build custom Kubernetes controllers.
  • Demonstrate how to use Kubernetes Custom Resource Definitions.
  • Demonstrate how to interact with the Kubernetes API (watches, reconciliation, etc).
  • Demonstrate how to write great documentation for Kubernetes add-ons and extensions.
  • Promote the usage of Let's Encrypt for securing web applications running on Kubernetes.




You can’t perform that action at this time.