Automatically provision and manage TLS certificates in Kubernetes
Clone or download
jetstack-bot Merge pull request #919 from munnerz/fix-gitlab-ci
Workaround not support v2.2 docker image manifests
Latest commit d374e33 Sep 21, 2018
Failed to load latest commit information.
.github Add additional issue template types Aug 9, 2018
cmd Add docker image building rules Sep 13, 2018
contrib Update deploy manifests with chart cert-manager-v0.6.0-dev.1 Sep 13, 2018
docs Fix issues with ingress-shim doc rendering and remove warning Sep 19, 2018
hack Use bazel for Makefile targets Sep 13, 2018
pkg fix rfc2136 provider missing port error, plumb dnsNameserver01 Sep 17, 2018
test Build out issuer_rbac tests based on certificate_rbac tests Sep 19, 2018
third_party run //hack:update-gofmt Sep 13, 2018
vendor run //hack:update-deps Sep 13, 2018
.bazelrc Add root Bazel build files Sep 13, 2018
.gitignore Add root Bazel build files Sep 13, 2018
.gitlab-ci.yml Workaround not support v2.2 docker image manifests Sep 21, 2018
.kazelcfg.json Add rule to run gazelle and kazel Sep 13, 2018
BUILD.bazel Use bazel to run deploy-gen scripts Sep 13, 2018 Create Oct 22, 2017 Add details on DCO sign-off Aug 13, 2018
Gopkg.lock Add basic tests for certificate permissions Sep 18, 2018
Gopkg.toml Add overrides for transitive deps Aug 20, 2018
LICENSE add apache 2.0 license Jul 22, 2017
Makefile Workaround not support v2.2 docker image manifests Sep 21, 2018
OWNERS Add Richard Wall to OWNERS file Jun 7, 2018 Proof-reading fixes Aug 8, 2018
WORKSPACE Add //hack:{update,verify}-gofmt targets Sep 13, 2018
labels.yaml Update wording Jul 26, 2018


cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.

It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.

It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects e.g. kube-cert-manager.

cert-manager high level overview diagram

Current status

As this project is pre-1.0, we do not currently offer strong guarantees around our API stability.

Notably, we may choose to make breaking changes to our API specification (i.e. the Issuer, ClusterIssuer and Certificate resources) in new minor releases.

These will always be clearly documented in the upgrade section of the documentation


Documentation for cert-manager can be found at Please make sure to select the correct version of the documentation to view on the bottom left of the page.


If you encounter any issues whilst using cert-manager, we have a number of places you can use to try and get help.

The quickest way to ask a question is to first post on our Slack channel (#cert-manager) on the Kubernetes Slack. There are a lot of community members in this channel, and you can often get an answer to your question straight away!

You can also try searching for an existing issue. Properly searching for an existing issue will help reduce the number of duplicates, and help you find the answer you are looking for quicker.

Please also make sure to read through the relevant pages in the documentation before opening an issue. You can also search the documentation using the search box on the top left of the page.

If you believe you have encountered a bug, and cannot find an existing issue similar to your own, you may open a new issue. Please be sure to include as much information as possible about your environment.


There is a Google Group used for project wide announcements and development coordination. Anybody can join the group by visiting here and clicking "Join Group". A Google account is required to join the group.

Once you have become a member, you should receive an invite to the weekly development meeting, hosted on Wednesdays at 4pm UTC on

Anyone is welcome to join these calls, even if just to ask questions.

Meeting notes are recorded in Google docs.


We welcome pull requests with open arms! There's a lot of work to do here, and we're especially concerned with ensuring the longevity and reliability of the project.

Please take a look at our issue tracker if you are unsure where to start with getting involved!

We also use the #cert-manager channel on for chat relating to the project.

Developer documentation is available in the official documentation.


The list of releases is the best place to look for information on changes between releases.