_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

Certificate Management — správa certifikátů

11. 02. 2025 1 min read intermediate

Expirovaný certifikát = výpadek. Špatně spravované certifikáty jsou časovaná bomba.

cert-manager v Kubernetes

Instalace

helm install cert-manager jetstack/cert-manager –set installCRDs=true

Let’s Encrypt issuer

apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: [email protected] privateKeySecretRef: name: letsencrypt-key solvers: - http01: ingress: class: nginx

Monitoring

Prometheus alert

  • alert: CertificateExpiringSoon expr: certmanager_certificate_expiration_timestamp_seconds - time() < 7 * 24 * 3600 labels: severity: warning annotations: summary: “Certificate {{ $labels.name }} expires in less than 7 days”

Key Takeaway

cert-manager pro K8s, Prometheus pro monitoring. Automatizujte obnovu, monitorujte expiraci.

securitycertificatestlscert-manager
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

SSL/TLS certificates in Java applications

Managing SSL certificates in Java keystores. Keytool, truststore, mutual TLS and common HTTPS problems.

SSL/TLS checklist

SSL/TLS checklist — certifikáty, protokoly, HSTS, certificate transparency.

mTLS v praxi

Vzájemná TLS autentizace, certifikáty a nasazení.