IBM Certificate manager (cert-manager)
You can use your product cert-manager to create and mount a certificate to a Kubernetes Deployment, StatefulSet, or DaemonSet. You can also create and add a certificate to a Kubernetes Ingress.
Issuer, ClusterIssuer, and Certificate are Kubernetes resource types that were introduced to support certificate generation and lifecycle management. For more information about cert-manager, see the cert-manager documentation .
See the following list to learn how your product cert-manager works:
- The Issuer signs new certificates and key pairs.
- The certificate object is similar to a certificate signing request.
- The actual X.509 certificate and key pair for TLS or authentication is stored as a Kubernetes Secret.
- The certificate is renewed automatically or can be renewed manually.
First, create an Issuer and then create a certificate that will be signed by that Issuer. Your product Certificate manager generates an X.509 certificate and key pair and stores it within a Kubernetes Secret.
For more information about Certificate manager and other configuration tools, see the following product documentation:
For information about refreshing, replacing, and restoring certificates that are created and managed by Installer, see Certificate management