Show HN: A Let's Encrypt Certificates Manager for Kubernetes (github.com)
14 points by MathieuN 6 days ago | 4 comments

What's the benefit of this over using cert-manager?

I see some benefits:

1/ I had many issues upgrading cert-manager and managing logs. With Certs I do not have those issues; it is a light and simple Chart.

2/ Cert-manager asks for too many role permissions. Certs uses only API permissions for getting Ingress annotations and getting/updating secrets.

3/ Cert-manager keeps a container running. Certs uses a CronJob to check whether issuing a certificate is necessary or not.

4/ Cert-manager does not support GoDaddy DNS validation, for example. Certs supports all DNS providers supported by acme.sh (more than 80); you can find the list here: https://github.com/Neilpang/acme.sh/wiki/dnsapi

I came to this thread having the same questions (why use this over cert-manager) and this answer gives some pretty solid reasons.

Can you elaborate more on 3/? Why is this kind of service better suited for a CronJob over a running container?

The Let's Encrypt CA issues short-lived certificates (90 days), and the official documentation recommends checking twice a day whether certificates need to be renewed. A Kubernetes CronJob is a good choice for this periodic task; resources and monitoring are saved.
