Skip to content
Automatically provision and manage TLS certificates in Kubernetes
Go Starlark Shell Other
Branch: master
Clone or download

Latest commit

jetstack-bot Merge pull request #2858 from FairwindsOps/sudermanjr/helm-chart-cont…

Fix #2849 Add container security context to helm chart deployments
Latest commit bd5cd51 May 23, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Add additional issue template types Aug 9, 2018
build Fix 'make images' May 6, 2020
cmd Use acme AccountRegistry throughout and tidy up ACME setup code May 13, 2020
deploy Merge pull request #2858 from FairwindsOps/sudermanjr/helm-chart-cont… May 23, 2020
design WIP: draft of extensible certificates controller doc Apr 15, 2020
devel Allow setting FEATURE_GATES in devel/addon/certmanager/ Apr 15, 2020
docs Remove docs/ directory and replace with basic README Jan 20, 2020
hack Remove x-kubernetes-preserve-unknown-fields from Issuer and ClusterIs… May 13, 2020
logo Add logo in svg format Jul 8, 2019
pkg accounts: Use RWMutex instead of regular Mutex May 13, 2020
test Moves ctl kubeconfig flags to top level Apr 30, 2020
tools/cobra Update references to ctl binary name May 5, 2020
.bazelrc Move into hack/build Sep 27, 2019
.gitignore Moves ctl kubeconfig flags to top level Apr 30, 2020
BUILD.bazel Remove UBI May 1, 2020 Create Oct 22, 2017 Add details on DCO sign-off Aug 13, 2018
LICENSE add apache 2.0 license Jul 22, 2017
LICENSES Adds doc generation for cobra controlled ctl comands Apr 30, 2020
Makefile Fix 'make images' May 6, 2020
OWNERS Add meyskens to reviewers and approvers Mar 5, 2020 Update Helm chart & other docs with new URLs and info Mar 24, 2020
WORKSPACE Bump Go to 1.14.2 May 4, 2020
go.mod Adds doc generation for cobra controlled ctl comands Apr 30, 2020
go.sum Adds doc generation for cobra controlled ctl comands Apr 30, 2020

Build Status Go Report Card


cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.

It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.

It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects e.g. kube-cert-manager.

cert-manager high level overview diagram

Current status

As this project is pre-1.0, we do not currently offer strong guarantees around our API stability.

Notably, we may choose to make breaking changes to our API specification (i.e. the Issuer, ClusterIssuer and Certificate resources) in new minor releases.

These will always be clearly documented in the upgrade section of the documentation.


Documentation for cert-manager can be found at Please make sure to select the correct version of the documentation to view on the top right of the page.

For the common use-case of automatically issuing TLS certificates to Ingress resources, aka a kube-lego replacement, see the cert-manager nginx ingress quick start guide.

See Installation within the documentation for installation instructions.


If you encounter any issues whilst using cert-manager, we have a number of places you can use to try and get help.

The quickest way to ask a question is to first post on our Slack channel (#cert-manager) on the Kubernetes Slack. There are a lot of community members in this channel, and you can often get an answer to your question straight away!

You can also try searching for an existing issue. Properly searching for an existing issue will help reduce the number of duplicates, and help you find the answer you are looking for quicker.

Please also make sure to read through the relevant pages in the documentation before opening an issue. You can also search the documentation using the search box on the top left of the page.

If you believe you have encountered a bug, and cannot find an existing issue similar to your own, you may open a new issue. Please be sure to include as much information as possible about your environment.


There is a Google Group used for project wide announcements and development coordination. Anybody can join the group by visiting here and clicking "Join Group". A Google account is required to join the group.

Bi-weekly development meeting

Once you have become a member, you should receive an invite to the bi-weekly development meeting, hosted on Wednesdays at 5pm UK Time on

Anyone is welcome to join these calls, even if just to ask questions.
Meeting notes are recorded in Google docs.

Daily standups

You are also welcome to join our daily standup every day at 10.30am UK Time on Google Meet. Invites are sent via the Google Group


We welcome pull requests with open arms! There's a lot of work to do here, and we're especially concerned with ensuring the longevity and reliability of the project.

Please take a look at our issue tracker if you are unsure where to start with getting involved!

We also use the #cert-manager channel on for chat relating to the project.

Developer documentation is available in the official documentation.


The list of releases is the best place to look for information on changes between releases.

Logo design by Zoe Paterson

You can’t perform that action at this time.