Cert Manager 1.14: Enhanced TLS Certificate Management

Introduction

Cert Manager 1.14, released on July 25, 2024, enhances TLS certificate management on Kubernetes with improved ACME integration, better certificate rotation, enhanced observability, and expanded issuer support. This release makes certificate management more reliable and easier to operate.


ACME Improvements

  • Challenge enhancements provide more reliable certificate issuance with improved retry logic.
  • DNS-01 solver improvements support more DNS providers and better error handling.
  • HTTP-01 solver enhancements provide better integration with ingress controllers.
  • Rate limiting handling improves behavior when encountering ACME provider rate limits.

Certificate Rotation

  1. Automatic rotation ensures certificates are renewed before expiration without manual intervention.
  2. Pre-renewal window configuration allows fine-tuning of renewal timing.
  3. Rotation notifications provide alerts when certificates are being rotated.
  4. Rollback capabilities enable recovery from failed certificate rotations.

Enhanced Observability

  • Metrics expansion provides detailed metrics for certificate lifecycle events.
  • Events improvements provide better visibility into certificate operations.
  • Logging enhancements enable better troubleshooting of certificate issues.
  • Status reporting provides comprehensive information about certificate health.
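
The status reporting described above can be checked from outside the cluster. The following is an added example, not code from the cert-manager project or the original article: it audits the JSON shape of `kubectl get certificates -A -o json`, reading the Certificate status fields `conditions`, `notAfter` and `renewalTime`. The sample data, the 14-day warning threshold and the finding names are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `kubectl get certificates -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "shop-tls"},
     "status": {"conditions": [{"type": "Ready", "status": "True"}],
                "notAfter": "2024-10-20T00:00:00Z",
                "renewalTime": "2024-09-20T00:00:00Z"}},
    {"metadata": {"namespace": "web", "name": "api-tls"},
     "status": {"conditions": [{"type": "Ready", "status": "True"}],
                "notAfter": "2024-09-08T00:00:00Z",
                "renewalTime": "2024-08-09T00:00:00Z"}},
    {"metadata": {"namespace": "batch", "name": "jobs-tls"},
     "status": {"conditions": [{"type": "Ready", "status": "False",
                                "reason": "DoesNotExist"}]}},
]})

def _ts(value):
    """Parse the RFC 3339 UTC timestamps used in Certificate status."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit(doc, now, warn=timedelta(days=14)):
    """Return (namespace/name, finding, detail) tuples for unhealthy certificates."""
    findings = []
    for item in json.loads(doc)["items"]:
        meta, status = item["metadata"], item.get("status", {})
        name = f'{meta["namespace"]}/{meta["name"]}'
        ready = next((c for c in status.get("conditions", [])
                      if c["type"] == "Ready"), None)
        if ready is None or ready["status"] != "True":
            detail = ready.get("reason", "unknown") if ready else "no Ready condition"
            findings.append((name, "not-ready", detail))
        not_after = status.get("notAfter")
        if not_after is None:
            findings.append((name, "never-issued", "status.notAfter unset"))
            continue
        remaining = _ts(not_after) - now
        if remaining <= timedelta(0):
            findings.append((name, "expired", not_after))
        elif remaining <= warn:
            findings.append((name, "expiring-soon", f"{remaining.days}d left"))
        # Ready=True with a renewalTime in the past means rotation is stalled.
        renewal = status.get("renewalTime")
        if renewal and _ts(renewal) < now:
            findings.append((name, "renewal-overdue", renewal))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime(2024, 9, 1, tzinfo=timezone.utc)):
        print(*finding, sep="\t")
```

The second sample certificate still reports Ready, yet its renewal time has passed, which is the case an expiry-only alert catches late.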

Issuer Support

  • New issuers support additional certificate authorities and providers.
  • Vault integration improvements provide better integration with HashiCorp Vault.
  • Cloud provider issuers enable native integration with cloud certificate services.
  • Custom issuers allow integration with any certificate authority through extensible APIs.

Getting Started

# Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.0/cert-manager.yaml

Create a ClusterIssuer for Let’s Encrypt:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: you@example.com  # placeholder: replace with your ACME account contact address
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

Summary

Aspect            | Details
Release Date      | July 25, 2024
Headline Features | ACME improvements, certificate rotation, enhanced observability, expanded issuer support
Why it Matters    | Delivers reliable TLS certificate management with improved automation and observability

Cert Manager 1.14 continues to be the standard for TLS certificate management on Kubernetes, providing teams with reliable and automated certificate lifecycle management.