Awesome
Kubernetes Certificate Manager
Deprecation notice: This project is deprecated in favor of cert-manager
This project is loosely based on https://github.com/kelseyhightower/kube-cert-manager It took over most of its documentation, license, as well as the general approach to how things work.
The code itself however, was entirely reimplemented to use xenolf/lego as the basis, instead of reimplementing an ACME client and DNS plugins.
Version
Please note: This is the documentation for the currently in development version of kcm, please refer to v0.4.0 for documentation for the latest stable version
Special note for upgrading from earlier versions
If you are upgrading from a version before 0.5.0 then note that the default way to identify Ingress resources
to be managed by the certificate manager has changed, from the enabled
annotation, to the class
label.
Backwards compatible behaviour is available by setting the -class
argument to a blank value.
Features
- Manage Kubernetes TLS secrets backed by Let's Encrypt issued certificates.
- Manage Let's Encrypt issued certificates based on Kubernetes ThirdParty Resources.
- Manage Let's Encrypt issued certificates based on Kubernetes Ingress Resources.
- Domain validation using ACME HTTP-01, SNI-TLS-01 or DNS-01 challenges.
- Support for multiple challenge providers.
- Support for subject alternative names in requested certificates.
Project Goals
- Demonstrate how to build custom Kubernetes controllers.
- Demonstrate how to use Kubernetes Custom Resource Definitions.
- Demonstrate how to interact with the Kubernetes API (watches, reconciliation, etc).
- Demonstrate how to write great documentation for Kubernetes add-ons and extensions.
- Promote the usage of Let's Encrypt for securing web applications running on Kubernetes.
Requirements
- Kubernetes 1.7+
- At least one configured challenge provider