{"id":43312250,"url":"https://github.com/kadras-io/package-for-cert-manager","last_synced_at":"2026-02-01T21:25:16.357Z","repository":{"id":138103111,"uuid":"555990160","full_name":"kadras-io/package-for-cert-manager","owner":"kadras-io","description":"Kubernetes-native package for cert-manager, a cloud-native solution to automatically provision and manage X.509 certificates.","archived":false,"fork":false,"pushed_at":"2025-05-30T19:24:27.000Z","size":275,"stargazers_count":1,"open_issues_count":9,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-31T04:17:54.797Z","etag":null,"topics":["carvel","cert-manager","certificate-management","kadras","kapp-controller","kubernetes","security","tls"],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kadras-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS.md","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-10-22T20:16:25.000Z","updated_at":"2025-05-30T19:17:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"6a297133-2455-466b-845e-1e8905e5a994","html_url":"https://github.com/kadras-io/package-for-cert-manager","commit_stats":null,"previous_names":[],"tags_count":32,"template":false,"template_full_name":null,"purl":"pkg:github/kadras-io/package-for-cert-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kadras-io%2Fpackage-for-cert-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kadras-io%2Fpackage-for-cert-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kadras-io%2Fpackage-for-cert-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kadras-io%2Fpackage-for-cert-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kadras-io","download_url":"https://codeload.github.com/kadras-io/package-for-cert-manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kadras-io%2Fpackage-for-cert-manager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28991734,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T20:57:35.821Z","status":"ssl_error","status_checked_at":"2026-02-01T20:57:29.580Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["carvel","cert-manager","certificate-management","kadras","kapp-controller","kubernetes","security","tls"],"created_at":"2026-02-01T21:25:15.618Z","updated_at":"2026-02-01T21:25:16.347Z","avatar_url":"https://github.com/kadras-io.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cert-manager\n\n![Test Workflow](https://github.com/kadras-io/package-for-cert-manager/actions/workflows/test.yml/badge.svg)\n![Release Workflow](https://github.com/kadras-io/package-for-cert-manager/actions/workflows/release.yml/badge.svg)\n[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v1.0/levels)\n[![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Follow us on Bluesky](https://img.shields.io/static/v1?label=Bluesky\u0026message=Follow\u0026color=1DA1F2)](https://bsky.app/profile/kadras.bsky.social)\n\nA Carvel package for [cert-manager](https://cert-manager.io), a cloud-native solution to automatically provision and manage X.509 certificates in Kubernetes.\n\n## 🚀\u0026nbsp; Getting Started\n\n### Prerequisites\n\n* Kubernetes 1.33+\n* Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.\n* Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.\n\n  ```shell\n  kapp deploy -a kapp-controller -y \\\n    -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml\n  ```\n\n### Installation\n\nAdd the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster:\n\n  ```shell\n  kctrl package repository add -r kadras-packages \\\n    --url ghcr.io/kadras-io/kadras-packages \\\n    -n kadras-system --create-namespace\n  ```\n\n\u003cdetails\u003e\u003csummary\u003eInstallation without package repository\u003c/summary\u003e\nThe recommended way of installing the cert-manager package is via the Kadras \u003ca href=\"https://github.com/kadras-io/kadras-packages\"\u003epackage repository\u003c/a\u003e. If you prefer not using the repository, you can add the package definition directly using \u003ca href=\"https://carvel.dev/kapp/docs/latest/install\"\u003e\u003ccode\u003ekapp\u003c/code\u003e\u003c/a\u003e or \u003ccode\u003ekubectl\u003c/code\u003e.\n\n  ```shell\n  kubectl create namespace kadras-system\n  kapp deploy -a cert-manager-package -n kadras-system -y \\\n    -f https://github.com/kadras-io/package-for-cert-manager/releases/latest/download/metadata.yml \\\n    -f https://github.com/kadras-io/package-for-cert-manager/releases/latest/download/package.yml\n  ```\n\u003c/details\u003e\n\nInstall the cert-manager package:\n\n  ```shell\n  kctrl package install -i cert-manager \\\n    -p cert-manager.packages.kadras.io \\\n    -v ${VERSION} \\\n    -n kadras-system\n  ```\n\n\u003e **Note**\n\u003e You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.\n\u003e \n\u003e   ```shell\n\u003e   kctrl package available list -p cert-manager.packages.kadras.io -n kadras-system\n\u003e   ```\n\nVerify the installed packages and their status:\n\n  ```shell\n  kctrl package installed list -n kadras-system\n  ```\n\n## 📙\u0026nbsp; Documentation\n\nDocumentation, tutorials and examples for this package are available in the [docs](docs) folder.\nFor documentation specific to cert-manager, check out [cert-manager.io](https://cert-manager.io).\n\n## 🎯\u0026nbsp; Configuration\n\nThe cert-manager package can be customized via a `values.yml` file.\n\n  ```yaml\n  letsencrypt:\n    include: true\n    production: true\n    email: security@example.net\n  ```\n\nReference the `values.yml` file from the `kctrl` command when installing or upgrading the package.\n\n  ```shell\n  kctrl package install -i cert-manager \\\n    -p cert-manager.packages.kadras.io \\\n    -v ${VERSION} \\\n    -n kadras-system \\\n    --values-file values.yml\n  ```\n\n### Values\n\nThe cert-manager package has the following configurable properties.\n\n\u003cdetails\u003e\u003csummary\u003eConfigurable properties\u003c/summary\u003e\n\n| Config | Default | Description |\n|--------|---------|-------------|\n| `namespace` | `cert-manager` | The namespace in which to deploy cert-manager. |\n| `policies.include` | `false` | Whether to include the out-of-the-box Kyverno policies to validate and secure the package installation. |\n\nSettings for the corporate proxy.\n\n| Config | Default | Description |\n|--------|---------|-------------|\n| `proxy.http_proxy` | `\"\"` | The HTTPS proxy to use for network traffic. |\n| `proxy.https_proxy` | `\"\"` | The HTTP proxy to use for network traffic. |\n| `proxy.no_proxy` | `\"\"` | A comma-separated list of hostnames, IP addresses, or IP ranges in CIDR format that should not use the proxy. |\n\nSettings for the cert-manager controller.\n\n| Config | Default | Description |\n|--------|---------|-------------|\n| `controller.loglevel` | `2` | Number of the log level verbosity. |\n| `controller.replicas` | `1` | The number of replicas. In order to enable high availability, 2 replicas are recommended. |\n| `controller.dns01.recursive_nameservers` | `[]` | Each nameserver can be either the IP address and port of a standard recursive DNS server, or the endpoint to an RFC 8484 DNS over HTTPS endpoint. |\n| `controller.dns01.recursive_nameservers_only` | `false` | When true, cert-manager will only ever query the configured DNS resolvers to perform the ACME DNS01 self check. This is useful in DNS constrained environments, where access to authoritative nameservers is restricted. Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers. |\n\nSettings for the cert-manager cainjector.\n\n| Config | Default | Description |\n|--------|---------|-------------|\n| `cainjector.loglevel` | `2` | Number of the log level verbosity. |\n| `cainjector.replicas` | `1` | The number of replicas. In order to enable high availability, 2 replicas are recommended. |\n\nSettings for the cert-manager webhook.\n\n| Config | Default | Description |\n|--------|---------|-------------|\n| `webhook.loglevel` | `2` | Number of the log level verbosity. |\n| `webhook.replicas` | `1` | The number of replicas. In order to enable high availability, at least 3 replicas are recommended. |\n| `webhook.host_network` | `false` | Whether to run the webhook in the host network so that it can be reached by the cert-manager controller in environments like AWS EKS. More information: https://cert-manager.io/docs/installation/compatibility. |\n| `webhook.secure_port` | `6443` | The port where the webhook is exposed. The default port needs changing in environments like AWS EKS and AWS Fargate. More information: https://cert-manager.io/docs/installation/compatibility. |\n\nLeader election configuration for the cert-manager controller and cainjector Deployments.\n\n| Config | Default | Description |\n|--------|---------|-------------|\n| `leader_election.namespace` | `kube-system` | Namespace used to perform leader election. The default namespace needs changing in environments like GKE. More information: https://cert-manager.io/docs/installation/compatibility. |\n\nIssues configuration.\n\n| Config | Default | Description |\n|-------|-------------------|-------------|\n| `private_pki.include` | `true` | Whether to include a ClusterIssuer for a private PKI. |\n| `letsencrypt.include` | `false` | Whether to include a ClusterIssuer for Let's Encrypt. |\n| `letsencrypt.production` | `false` | Whether to use Let's Encrypt staging (recommended for non-production environments) or production. |\n| `letsencrypt.email` | `\"\"` | The email address that Let's Encrypt will use to send info on expiring certificates or other issues. |\n| `letsencrypt.challenge.type` | `http01` | The type of challenge used by the ACME CA Server. Valid options: `http01`, `dns01`. |\n| `letsencrypt.challenge.secret.name` | `\"\"` | Name of the Secret containing the credentials needed for the dns01 challenge. |\n| `letsencrypt.challenge.secret.key` | `\"\"` | The key within the Secret that contains the credentials needed for the dns01 challenge. |\n| `letsencrypt.challenge.secret.namespace` | `\"\"` | Namespace containing the Secret with the credentials needed for the dns01 challenge. |\n| `letsencrypt.challenge.dns_provider` | `http01` | The DNS provider to use for the ACME dns01 challenge. Valid options: `cloudflare`, `digital_ocean`. |\n\n\u003c/details\u003e\n\n## 🛡️\u0026nbsp; Security\n\nThe security process for reporting vulnerabilities is described in [SECURITY.md](SECURITY.md).\n\n## 🖊️\u0026nbsp; License\n\nThis project is licensed under the **Apache License 2.0**. See [LICENSE](LICENSE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkadras-io%2Fpackage-for-cert-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkadras-io%2Fpackage-for-cert-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkadras-io%2Fpackage-for-cert-manager/lists"}