Configuring MySQL SSL/TLS authentication with cert-manager

We recently worked on a customer project, where they wanted to secure the connection between their Java Spring Boot application and their MySQL Database, all this running on Google Kubernetes Engine (GKE). We suggested they use cert-manager, our preferred certificate management tool on Kubernetes.

Cert-manager v0.15 and beyond

This post will explore the new features in the recently released cert-manager v0.15, as well as give an overview of our plans for the future of the project. Jump to the bottom for more information on how to get involved and start contributing! The cert-manager project has come leaps and bounds since its beginnings almost three years ago. Initially started to expand on the success of its predecessor, kube-lego, the project is now used by companies all across the world and in all sorts of industries, including government departments, large financial institutions, car manufacturers and retail stores!

Using Kubectl's new Kustomize support for per-environment deployment of cert-manager resources

Introduction Kustomize is an increasingly popular tool for generating Kubernetes manifests, and is now included with Kubectl 1.14. Rather than using templates Kustomize works by applying modifications to already valid manifests. Using this pattern, it provides various features including resource namespacing, modification of metadata, and generation of Kubernetes Secrets. To start using Kustomize you need one or more Kubernetes manifests and a kustomization.yaml file. The kustomization.yaml file is itself a manifest, which specifies a list of resources, patches to apply, and various other options.

Cert-manager reaches v0.6

We’re excited to announce v0.6 of cert-manager, the general purpose X.509 certificate management tool for Kubernetes. Cert-manager provides automated issuance, renewal and management of certificates within your organisation.

Certificate management in highly dynamic environments is no easy feat, and if approached without careful consideration could quickly lead to outages and service interuption when certificates begin expiring. By standardising on a single tool for managing your PKI assets, you can ensure that certificates are being automatically renewed, and that the appropriate teams are notified if there are any issues or policy violations within your cluster.

Cert-manager: native x509 certificate management for Kubernetes

Those of you who closely follow Jetstack’s open source projects may have already noticed that our new certificate management tool, cert-manager, has been available for some time now. In fact, we now have over 1,000 stars on GitHub!

Cert-manager is a general purpose x509 certificate management tool for Kubernetes. In today’s modern web, securing application traffic is critical. cert-manager aims to simplify management, issuance and renewal of certificates within your organisation.