Last pushed: 2 years ago
Short Description
kubernetes-certificate-service generates and provides certificates for TLS encryption
Full Description


The main purpose of this service is to provide authentication credentials for Kubernetes clusters, primarily to encrypt intra-cluster communication.

On start, the service will generate the necessary certificates, and make them available via HTTP. The same certificates will be returned for all HTTP calls. Kubernetes components can call this service before initialisation and fetch necessary credentials.

Credentials can be accessed via /ca.crt, /server.crt, and /server.key.

See for further information.

Getting kubernetes-certificate-service

Clone the git repository:

Download the latest docker image from here:

How to build

docker build -t giantswarm/kubernetes-certificate-service .

A Docker Hub automated build is present for building images. These are periodically tagged for releases.

Running kubernetes-certificate-service

docker run -p 8000:80 giantswarm/kubernetes-certificate-service:0.1 $KUBERNETES_MASTER_ADDRESS

$KUBERNETES_MASTER_ADDRESS is the address of the Kubernetes API Server, and is required for the creation of the certificates.

For example:

$ docker run -d -p 8000:80 giantswarm/kubernetes-certificate-service:0.1 kube-master.local
$ curl docker:8000/ca.crt

Note: You may want to mount /certs to durable storage, to avoid losing certificates when the container dies.
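
A consumer of the three endpoints above can check that what it downloaded is internally consistent before handing it to a Kubernetes component. The script below is an added example, not part of kubernetes-certificate-service. Assumptions: curl and openssl are installed, the function names are hypothetical, and the master address passed at startup is among the names in server.crt.

```shell
#!/bin/sh
# Added example: fetch and sanity-check the bundle served at /ca.crt,
# /server.crt and /server.key. All function names are hypothetical.
# Typical use against the container started above:
#   fetch_bundle http://docker:8000 ./certs && verify_bundle ./certs kube-master.local

# fetch_bundle BASE_URL DIR: download the three files the service exposes.
fetch_bundle() {
    base=$1; dir=$2
    mkdir -p "$dir" || return 1
    for f in ca.crt server.crt server.key; do
        curl -fsS -o "$dir/$f" "$base/$f" || return 1
    done
    chmod 600 "$dir/server.key"   # private key: owner-only
}

# verify_bundle DIR HOST: succeeds only if server.crt chains to ca.crt, is valid
# for HOST (assumption: the master address is in the certificate's names), and
# server.key is the private key belonging to server.crt.
verify_bundle() {
    dir=$1; host=$2
    openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$host" \
        "$dir/server.crt" >/dev/null 2>&1 \
        || { echo "chain or hostname check failed" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "server.key does not match server.crt" >&2; return 1; }
}

# make_sample_bundle DIR HOST: constructed throwaway CA and server certificate,
# so verify_bundle can be exercised offline without the service running.
make_sample_bundle() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}
```

These checks catch a truncated, mixed-up or mismatched download. They do not authenticate the service itself, because ca.crt arrives over the same HTTP channel as the files it is used to check.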


Contributing & Reporting Bugs

See CONTRIBUTING for details on submitting patches, the contribution workflow as well as reporting bugs.


kubernetes-certificate-service is under the Apache 2.0 license. See the LICENSE file for details.
