IBM Certificate manager (cert-manager)
You can use your product cert-manager to create and mount a certificate to a Kubernetes Deployment, StatefulSet, or DaemonSet. You can also create and add a certificate to a Kubernetes Ingress.
Issuer, ClusterIssuer, and Certificate are Kubernetes resource types that were introduced to support certificate generation and lifecycle management. For more information about cert-manager, see the cert-manager community documentation .
See the following list to learn how your product cert-manager works:
- The Issuer signs new certificates and key pairs.
- The certificate object is similar to a certificate signing request.
- The actual X.509 certificate and key pair for TLS or authentication is stored as a Kubernetes Secret.
- The certificate is renewed automatically or can be renewed manually.
First, create an Issuer and then create a certificate that will be signed by that Issuer. Your product Certificate manager generates an X.509 certificate and key pair and stores it within a Kubernetes Secret.
Listing your Issuers and Certificates
To list your v1 Issuers and Certificates, complete the following actions:
-
To list the
v1
Issuers, run the followingoc
command:oc get issuers
-
To list the
v1
Certificates, run the followingoc
command:oc get certs
If, after running these commands, you do not see any v1
Issuers and Certificates, and you expect there to be Issuers and Certificates, list the v1alpha1
Issuers and Certificates.
To list your v1alpha1
Issuers and Certificates, complete the following actions:
-
To list
v1alpha1
Issuers, run the followingoc
command:oc get issuers.v1alpha1.certmanager.k8s.io`
-
To list
v1alpha1
Certificates, run the followingoc
command:oc get certificates.v1alpha1.certmanager.k8s.io
Certificate manager supports IPv4 and IPv6 addresses.
For more information about Certificate manager and other configuration tools, see the following product documentation:
- Creating your own self-signed and CA Issuers
- Creating cert-manager certificates
- Bringing your own CA Certificate
- Viewing cert-manager resources
- Troubleshooting certificate manager service
Note: The apiVersion certmanager.k8s.io/v1alpha1
in all cert-manager Custom Resources (Certificates, Issuers, and ClusterIssuers) is deprecated and replaced by cert-manager.io/v1
.