This project is loosely based on https://github.com/kelseyhightower/kube-cert-manager It took over most of its documentation, license, as well as the general approach to how things work.

The code itself however, was entirely reimplemented to use xenolf/lego as the basis, instead of reimplementing an ACME client and DNS plugins.

Please note: This is the documentation for the currently in development version of kcm, please refer to v0.4.0 for documentation for the latest stable version

If you are upgrading from a version before 0.5.0 then note that the default way to identify Ingress resources to be managed by the certificate manager has changed, from the enabled annotation, to the class label. Backwards compatible behaviour is available by setting the -class argument to a blank value.

• Manage Kubernetes TLS secrets backed by Let's Encrypt issued certificates.
• Manage Let's Encrypt issued certificates based on Kubernetes ThirdParty Resources.
• Manage Let's Encrypt issued certificates based on Kubernetes Ingress Resources.
• Domain validation using ACME HTTP-01, SNI-TLS-01 or DNS-01 challenges.
• Support for multiple challenge providers.
• Support for subject alternative names in requested certificates.

• Demonstrate how to build custom Kubernetes controllers.
• Demonstrate how to use Kubernetes Custom Resource Definitions.
• Demonstrate how to interact with the Kubernetes API (watches, reconciliation, etc).
• Demonstrate how to write great documentation for Kubernetes add-ons and extensions.
• Promote the usage of Let's Encrypt for securing web applications running on Kubernetes.

• Kubernetes 1.7+
• At least one configured challenge provider

• Deployment Guide
• Creating a Certificate
• Deleting a Certificate
• Consuming Certificates

• Managing Certificates for Ingress Resources
• Garbage Collection of Secrets

• Secure Deployment using RBAC

• Deployment Arguments
• Certificate Custom Resource Definitions
• Certificate Resources
• Challenge Providers
• Building Container Image with AWS CodeBuild