
Show HN: A Let's Encrypt Certificates Manager for Kubernetes - MathieuN
https://github.com/math-nao/certs
======
jlogsdon
What's the benefit of this over using cert-manager?

~~~
MathieuN
I see some benefits:

1/ I got many issues for upgrading cert-manager and for managing logs. With
Certs I do not have those issues, it is a light and simple Chart.

2/ Cert-manager is asking too much role permissions. Certs uses only api
permissions for getting Ingress annotations and getting/updating secrets.

3/ Cert-manager is keeping a container running. Certs uses CronJob to check if
issuing a certificate is necessary or not.

4/ Cert-manager does not support Godaddy dns validation for example. Certs
supports all dns providers supported by acme.sh (more than 80), you can find
the list here:
[https://github.com/Neilpang/acme.sh/wiki/dnsapi](https://github.com/Neilpang/acme.sh/wiki/dnsapi)

~~~
antoniomarino
I came to this thread having the same questions (why use this over cert-
manager) and this answer gives some pretty solid reasons.

Can you elaborate more on /3 ? Why is this kind of service better suited for a
CronJob over a running container?

~~~
MathieuN
Let’s Encrypt CA issues short-lived certificates (90 days) and official
documentation recommends to check twice a day if certificates need to be
renewed. It is a good choice to use Kubernetes Cronjob for this periodical
task, resources and monitoring are saved.

