Master Kubernetes Certificate Management with the kubectl cert-manager Plugin
This guide walks you through installing the kubectl cert-manager plugin via krew or offline, checking certificate renewal status, manually renewing certificates, and understanding key timestamps, all to streamline Kubernetes certificate management and boost operational efficiency.
Install cert-manager plugin
Use krew to install the
cert-managerplugin. If krew is not installed, refer to the linked article. Run:
<code>$ kubectl krew install cert-manager</code>For offline installation, download the binary and move it to
/usr/local/bin:
<code>$ curl -L -o kubectl-cert-manager.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.12.13/kubectl-cert_manager-linux-amd64.tar.gz
$ tar xzf kubectl-cert-manager.tar.gz -C /tmp
$ sudo mv /tmp/kubectl-cert_manager /usr/local/bin</code>Manual certificate update
Check the next renewal time of a certificate:
<code>$ kubectl cert-manager status certificate -n jenkins jenkins.jiaxzeng.com-tls</code>Tip: “Not After” shows the certificate expiration date; “Renewal Time” shows the automatic renewal schedule.
Trigger a manual renewal:
<code>$ kubectl cert-manager renew -n jenkins jenkins.jiaxzeng.com-tls
$ kubectl cert-manager status certificate -n jenkins jenkins.jiaxzeng.com-tls | grep Not</code>After renewal, the “Not After” date moves forward.
Conclusion
As Kubernetes clusters grow, managing certificates manually becomes inefficient and error‑prone. The
kubectl cert-managerplugin simplifies status inspection and troubleshooting, greatly improving operational efficiency.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.