IBM Certificate manager (cert-manager)
You can use your product cert-manager to create and mount a certificate to a Kubernetes Deployment, StatefulSet, or DaemonSet. You can also create and add a certificate to a Kubernetes Ingress.
Issuer, ClusterIssuer, and Certificate are Kubernetes resource types that were introduced to support certificate generation and lifecycle management. For more information about cert-manager, see the cert-manager community documentation .
See the following list to learn how your product cert-manager works:
- The Issuer signs new certificates and key pairs.
- The certificate object is similar to a certificate signing request.
- The actual X.509 certificate and key pair for TLS or authentication is stored as a Kubernetes Secret.
- The certificate is renewed automatically or can be renewed manually.
First, create an Issuer and then create a certificate that will be signed by that Issuer. Your product Certificate manager generates an X.509 certificate and key pair and stores it within a Kubernetes Secret.
Listing your Issuers and Certificates
To list your v1 Issuers and Certificates, complete the following actions:
To list the
v1Issuers, run the following
oc get issuers
To list the
v1Certificates, run the following
oc get certs
If, after running these commands, you do not see any
v1 Issuers and Certificates, and you expect there to be Issuers and Certificates, list the
v1alpha1 Issuers and Certificates.
To list your
v1alpha1 Issuers and Certificates, complete the following actions:
v1alpha1Issuers, run the following
oc get issuers.v1alpha1.certmanager.k8s.io`
v1alpha1Certificates, run the following
oc get certificates.v1alpha1.certmanager.k8s.io
Certificate manager supports IPv4 and IPv6 addresses.
For more information about Certificate manager and other configuration tools, see the following product documentation:
- Creating your own self-signed and CA Issuers
- Creating cert-manager certificates
- Bringing your own CA Certificate
- Viewing cert-manager resources
- Troubleshooting certificate manager service
Note: The apiVersion
certmanager.k8s.io/v1alpha1 in all cert-manager Custom Resources (Certificates, Issuers, and ClusterIssuers) is deprecated and replaced by