A Let's Encrypt certificates manager for Kubernetes

This chart uses the script to generate Let's Encrypt certificates with DNS validation only; it uses a Kubernetes Job to obtain and renew certificates.

Ingress annotations

Name Example Description
"true" Enable Certs on this ingress when value is set to "true". Default value is empty.
"dns_gd" Set the --dns parameter (see [] for all --dns supported values). Default value is empty.
"true" Enable acme staging certificate validation when value is set to "true". Default value is empty.
"--keylength ec-256" Add more arguments to command used to generate certificates. Default value is empty.
" -h" Replace the command to use for generating certificates. Default value is empty.

Chart configuration

Parameter Default Description
image.registry mathnao Set the docker image registry to use.
image.repository certs Set the docker image repository to use.
image.tag tag Set the docker image tag to use.
schedule 0 0,12 * * * Set the job schedule on which DNS validation runs for certificate renewal.
backoffLimit 1 Specify the number of retries before considering a job as failed.
activeDeadlineSeconds 600 Set an active deadline for terminating a job.
ttlSecondsAfterFinished 120 Set a TTL for cleaning a job.
successfulJobsHistoryLimit 3 Specify how many completed jobs should be kept.
manageAllNamespaces false Whether or not certs should manage all namespaces for generating certificates.
debug false Display more logs when value is set to "true".
failedJobsHistoryLimit 1 Specify how many failed jobs should be kept.
env [] List all environment variables needed to run DNS validation for certificate renewal.
demo.enabled false Enable a demo backend for test purpose.
demo.image mathnao/light-test-server Set the docker image to use for the demo backend
demo.service.type ClusterIP Set the service type for the demo backend
demo.service.port 8080 Set the service port for the demo backend
demo.secretName demo-ingress-cert Set the secret name for storing generated certificates
demo.hosts - "" Set the list of your hosts to generate Let's Encrypt certificate

Deployment example

1/ Have your Ingress Controller deployed and ready

2/ Register your ingress, for example:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations: "true" "dns_gd" /
spec:
  tls:
  - hosts:
    secretName: testsecret-tls
  rules:
  - host:
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

3/ Install Certs chart:

# Add the `Certs` Helm repository
helm repo add certs

# Update your local Helm chart repository cache
helm repo update

# Install the `Certs` Helm chart in the same namespace as your ingresses
helm install \
  --name certs \
  --namespace app \
  --values values.yaml \

The values.yaml file may contain, for example:

# schedule the Kubernetes Job twice a day; the certificate is renewed only if it is about to expire
schedule: "0 2,14 * * *"

# add all necessary environment variables for dns validation
# see
env:
- name: GD_Key
  value: XXXX
- name: GD_Secret
  value: XXXX

4/ Visit your web page; it should present a valid Let's Encrypt certificate.
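
A command-line check for step 4, as an added example that is not part of the Certs project: it classifies the certificate stored in the ingress secret by issuer and remaining lifetime. The function name `cert_status`, the 30-day default and the issuer-name matching (Let's Encrypt staging issuers carry "(STAGING)", older ones "Fake LE") are assumptions of this example; the secret name and namespace in the usage comment come from the steps above.

```shell
#!/bin/sh
# Usage against the cluster (tls.crt is the certificate key of a TLS secret):
#   kubectl get secret testsecret-tls -n app \
#     -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/tls.crt
#   cert_status /tmp/tls.crt
#
# cert_status PEM_FILE [DAYS]   (hypothetical helper, not a Certs command)
# Prints one word describing the first certificate (the leaf) in PEM_FILE:
#   invalid   not a parseable X.509 certificate
#   staging   issued by the Let's Encrypt staging CA, not trusted by browsers
#   foreign   issuer is not Let's Encrypt (for example a self-signed placeholder)
#   expiring  production issuer, but expires within DAYS days (default 30)
#   ok        production issuer and not close to expiry
cert_status() {
    pem=$1
    days=${2:-30}
    issuer=$(openssl x509 -in "$pem" -noout -issuer 2>/dev/null) || {
        echo invalid
        return 0
    }
    case $issuer in
        # Staging must be tested first: its issuer also contains "Let's Encrypt".
        *STAGING*|*"Fake LE"*) echo staging; return 0 ;;
        *"Let's Encrypt"*) ;;
        *) echo foreign; return 0 ;;
    esac
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo ok
    else
        echo expiring
    fi
}
```

A `staging` result means the staging annotation is still set to "true" on the ingress; `expiring` long after a scheduled run points at a failing renewal job.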



This code is distributed under the Apache License, Version 2.0, see LICENSE for more information.
