MCPcopy
hub / github.com/cert-manager/cert-manager

github.com/cert-manager/cert-manager @v1.20.3 sqlite

repository ↗ · DeepWiki ↗ · release v1.20.3 ↗
6,287 symbols 24,265 edges 890 files 2,830 documented · 45%
README

cert-manager project logo

Build Status Go Report Card

Artifact Hub Scorecard score CLOMonitor

cert-manager

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.

It supports issuing certificates from a variety of sources, including Let's Encrypt (ACME), HashiCorp Vault, and CyberArk Certificate Manager, as well as local in-cluster issuance.

cert-manager also ensures certificates remain valid and up to date, attempting to renew certificates at an appropriate time before expiry to reduce the risk of outages and remove toil.

cert-manager high level overview diagram

Documentation

Documentation for cert-manager can be found at cert-manager.io.

For the common use-case of automatically issuing TLS certificates for Ingress resources, see the cert-manager nginx-ingress quick start guide.

For a more comprehensive guide to issuing your first certificate, see our getting started guide.

Installation

Installation is documented on the website, with a variety of supported methods.

Developing cert-manager

We actively welcome contributions and we support both Linux and macOS environments for development.

Different platforms have different requirements; we document everything on our Building cert-manager website page.

Note in particular that macOS has several extra requirements, to ensure that modern tools are installed and available. Read the page before getting started!

Troubleshooting

If you encounter any issues whilst using cert-manager, we have a number of ways to get help:

If you believe you've found a bug and cannot find an existing issue, feel free to open a new issue! Be sure to include as much information as you can about your environment.

Community

The cert-manager-dev Google Group is used for project wide announcements and development coordination. Anybody with a Google account can join the group by visiting the group and clicking "Join Group".

Meetings

We have several public meetings which any member of our Google Group is more than welcome to join!

Check out the details on our website. Feel free to drop in and ask questions, chat with us or just to say hi!

Contributing

We welcome pull requests with open arms! There's a lot of work to do here, and we're especially concerned with ensuring the longevity and reliability of the project. The contributing guide will help you get started.

Coding Conventions

Code style guidelines are documented on the coding conventions page of the cert-manager website. Please try to follow those guidelines if you're submitting a pull request for cert-manager.

Importing cert-manager as a Module

⚠️ Please note that cert-manager does not currently provide a Go module compatibility guarantee. That means that most code under pkg/ is subject to change in a breaking way, even between minor or patch releases and even if the code is currently publicly exported.

The lack of a Go module compatibility guarantee does not affect API version guarantees under the Kubernetes Deprecation Policy.

For more details see Importing cert-manager in Go on the cert-manager website.

The import path for cert-manager versions 1.8 and later is github.com/cert-manager/cert-manager.

For all versions of cert-manager before 1.8, including minor and patch releases, the import path is github.com/jetstack/cert-manager.

Security Reporting

Security is the number one priority for cert-manager. If you think you've found a security vulnerability, we'd love to hear from you.

Follow the instructions in SECURITY.md to make a report.

Changelog

Every release on GitHub has a changelog, and we also publish release notes on the website.

History

cert-manager is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects such as kube-cert-manager.

Logo design by Zoe Paterson

Extension points exported contracts — how you extend this code

IssuerNamespaceLister (Interface)
IssuerNamespaceLister helps list and get Issuers. All objects returned here must be treated as read-only. [8 implementers]
pkg/client/listers/certmanager/v1/issuer.go
Issuer (Interface)
Issuer implements the functionality to sign a certificate request for a particular issuer type. [18 implementers]
pkg/controller/certificaterequests/controller.go
ValidationInterface (Interface)
ValidationInterface defines an admission handler that validates requests. It may not perform any kind of mutation. [19 …
pkg/webhook/admission/interfaces.go
Addon (Interface)
Addon is an interface that defines an e2e addon. [7 implementers]
test/e2e/framework/addon/internal/globals.go
SecretInformer (Interface)
SecretInformer is like client-go SecretInformer https://github.com/kubernetes/client-go/blob/release-1.26/informers/core [9 …
internal/informers/core.go
RecordsClient (Interface)
RecordsClient is a wrapper interface around the Azure SDK RecordsClient. This interface should satisfy both public and p [4 …
pkg/issuer/acme/dns/azuredns/azure_types.go
Solver (Interface)
Solver has the functionality to solve ACME challenges. This interface is implemented internally by RFC2136 DNS provider [4 …
pkg/acme/webhook/webhook.go
ScheduledWorkQueue (Interface)
ScheduledWorkQueue is an interface to describe a queue that will execute the given ProcessFunc with the object given to [3 …
pkg/scheduler/scheduler.go

Core symbols most depended-on inside this repo

CertmanagerV1
called by 504
pkg/client/clientset/versioned/clientset.go
Create
called by 367
pkg/client/clientset/versioned/typed/acme/v1/order.go
Secrets
called by 268
internal/informers/core.go
Run
called by 266
pkg/controller/register.go
Get
called by 236
pkg/issuer/acme/dns/azuredns/azure_types.go
CertificateRequestFrom
called by 233
test/unit/gen/certificaterequest.go
Issuers
called by 217
pkg/client/listers/certmanager/v1/issuer.go
Add
called by 197
pkg/scheduler/scheduler.go

Shape

Function 3,092
Method 2,226
Struct 728
Interface 108
FuncType 70
TypeAlias 63

Languages

Go100%

Modules by API surface

internal/generated/openapi/zz_generated.openapi.go504 symbols
internal/apis/certmanager/v1/zz_generated.conversion.go158 symbols
internal/apis/acme/v1/zz_generated.conversion.go156 symbols
pkg/apis/certmanager/v1/zz_generated.deepcopy.go86 symbols
internal/apis/certmanager/zz_generated.deepcopy.go86 symbols
pkg/acme/webhook/openapi/zz_generated.openapi.go84 symbols
pkg/apis/acme/v1/zz_generated.deepcopy.go82 symbols
internal/apis/acme/zz_generated.deepcopy.go82 symbols
third_party/forked/acme/types.go51 symbols
test/unit/gen/issuer.go40 symbols
test/unit/gen/certificate.go38 symbols
third_party/forked/acme/acme.go36 symbols

Used by 1 indexed graphs manifest dependencies, hub-wide

Dependencies from manifests, versioned

cel.dev/exprv0.25.1 · 1×
cloud.google.com/go/authv0.18.2 · 1×
cloud.google.com/go/auth/oauth2adaptv0.2.8 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
github.com/AdaLogics/go-fuzz-headersv0.0.0-2024080614160 · 1×
github.com/Azure/azure-sdk-for-go/sdk/azcorev1.21.0 · 1×
github.com/Azure/azure-sdk-for-go/sdk/azidentityv1.13.1 · 1×
github.com/Azure/azure-sdk-for-go/sdk/internalv1.11.2 · 1×
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdnsv1.2.0 · 1×
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatednsv1.3.0 · 1×
github.com/Azure/go-ansitermv0.0.0-2023012417243 · 1×
github.com/Azure/go-ntlmsspv0.1.1 · 1×

For agents

$ claude mcp add cert-manager \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact