Category: Technology

The self-signed certs (certificates) for mutual TLS, used as a means of security and authentication for communication between Spinnaker microservices, are usually short-lived (maybe for three months) and expire after the specified period of time. If the mTLS certs are approaching expiry, these certs need to be updated to extend their expiry time. The cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, or self-signed. It ensures certificates are valid and up to date, and attempts to renew certificates at a configured time before expiry on its own. To know more, about the certs, cert issuers – CA (certificate authorities), how to create them and use them as means of authentication