Awesome

Kubernetes Certificate Manager

Deprecation notice: This project is deprecated in favor of cert-manager

This project is loosely based on https://github.com/kelseyhightower/kube-cert-manager It took over most of its documentation, license, as well as the general approach to how things work.

The code itself however, was entirely reimplemented to use xenolf/lego as the basis, instead of reimplementing an ACME client and DNS plugins.

Version

Please note: This is the documentation for the currently in development version of kcm, please refer to v0.4.0 for documentation for the latest stable version

Special note for upgrading from earlier versions

If you are upgrading from a version before 0.5.0 then note that the default way to identify Ingress resources to be managed by the certificate manager has changed, from the enabled annotation, to the class label. Backwards compatible behaviour is available by setting the -class argument to a blank value.

Features

Manage Kubernetes TLS secrets backed by Let's Encrypt issued certificates.
Manage Let's Encrypt issued certificates based on Kubernetes ThirdParty Resources.
Manage Let's Encrypt issued certificates based on Kubernetes Ingress Resources.
Domain validation using ACME HTTP-01, SNI-TLS-01 or DNS-01 challenges.
Support for multiple challenge providers.
Support for subject alternative names in requested certificates.

Project Goals

Demonstrate how to build custom Kubernetes controllers.
Demonstrate how to use Kubernetes Custom Resource Definitions.
Demonstrate how to interact with the Kubernetes API (watches, reconciliation, etc).
Demonstrate how to write great documentation for Kubernetes add-ons and extensions.
Promote the usage of Let's Encrypt for securing web applications running on Kubernetes.