IBM Certificate manager (cert-manager)
You can use your product cert-manager to create and mount a certificate to a Kubernetes Deployment, StatefulSet, or DaemonSet. You can also create and add a certificate to a Kubernetes Ingress.
Issuer, ClusterIssuer, and Certificate are Kubernetes resource types that were introduced to support certificate generation and lifecycle management. For more information about cert-manager, see the cert-manager documentation.
See the following list to learn how your product cert-manager works:
- The Issuer signs new certificates and key pairs.
- The Certificate object is similar to a certificate signing request.
- The actual X.509 certificate and key pair for TLS or authentication are stored as a Kubernetes Secret.
- The certificate is renewed automatically or can be renewed manually.
First, create an Issuer, and then create a Certificate that is signed by that Issuer. Your product Certificate manager generates an X.509 certificate and key pair and stores them in a Kubernetes Secret.
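The flow described above, as an added example that is not taken from the product documentation: an Issuer, a Certificate signed by it, and a Deployment that mounts the resulting Secret. It assumes the upstream `cert-manager.io/v1` API (your release may use a different `apiVersion`); the namespace, resource names, DNS name, and image are constructed placeholders.

```yaml
# Constructed example: all names, the namespace, and the image are placeholders.
# Assumes the upstream cert-manager.io/v1 API group.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: demo-issuer
  namespace: demo
spec:
  selfSigned: {}                 # self-signed Issuer: fine for testing, not trusted by outside clients
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: demo-tls
  namespace: demo
spec:
  secretName: demo-tls-secret    # Secret that receives tls.crt and tls.key
  duration: 2160h                # certificate lifetime: 90 days
  renewBefore: 360h              # automatic renewal starts 15 days before expiry
  dnsNames:
    - demo-app.demo.svc
  issuerRef:
    name: demo-issuer            # namespaced Issuer; use kind ClusterIssuer for a cluster-wide one
    kind: Issuer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: demo
spec:
  replicas: 1
  selector:
    matchLabels: {app: demo-app}
  template:
    metadata:
      labels: {app: demo-app}
    spec:
      containers:
        - name: app
          image: registry.example.com/demo-app:1.0   # placeholder image
          volumeMounts:
            - name: tls
              mountPath: /etc/tls                     # app reads /etc/tls/tls.crt and /etc/tls/tls.key
              readOnly: true
      volumes:
        - name: tls
          secret:
            secretName: demo-tls-secret               # must match the Certificate's secretName
```

Kubernetes updates the mounted files after a renewal, but the application must reload them before it serves the new certificate.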
For more information about Certificate manager and other configuration tools, see the following product documentation:
- Creating your own self-signed and CA Issuers
- Creating cert-manager certificates
- Viewing cert-manager resources
- Refreshing cert-manager certificates
- Adding certificates by using the Vault Issuer
- Adding certificates by using the ECDSA algorithm for encryption
- Certificate Manager role-based access control (RBAC) support
For information about refreshing, replacing, and restoring certificates that are created and managed by Installer, see Certificate management.