Skip to content

Keptn Cert Manager

The Keptn Cert Manager is a Kubernetes operator that automatically configures TLS certificates to secure communication with the Kubernetes API.

Keptn includes mutating, validating and conversion Webhooks that require TLS certificates to be mounted as a volume. These webhooks and CRDs contain a "true" label indicating that these resources require a TLS certificate.

graph TD;

E((Manifests)) -- apply --> D[Kubernetes API]
F[Webhook Controller] <-- watches Secret --> D

style D fill:#006bb8,stroke:#fff,stroke-width:px,color:#fff
style F fill:#d8e6f4,stroke:#fff,stroke-width:px,color:#006bb8
style E fill:#fff,stroke:#123,stroke-width:px,color:#006bb8

How it works:

  • Keptn Cert Manager looks for the resources with "true" label.
  • It creates a secret (if it does not exist yet) with a TLS certificate in the Keptn installation namespace and mounts this Secret as a volume to the labelled resource.
  • The TLS certificate stored in the Secret has an expiration time of 12 hours and is automatically renewed.

If you don't want to use Keptn Cert Manager, you can instead use for this purpose.


When experiencing problems with setting up, please refer to the troubleshooting page.