Kubernetes has some magic sauce to automatically renew certificates before they expire. The built-in CertManager is a great tool for getting new certificates. But are certificates renewed in time? Did we discover a certificate expiring soon and renew it in time?
It’s easy for a certificate to slip through the cracks. Once the cert expires, the system is offline with a really unfriendly message for users. Suddenly our site looks unsafe.
Often it’s only when a customer calls to complain that we realize a certificate has expired again. Then we build a big, manual process to ensure it never happens again. But sure enough, a month or two later, it happens again.
This Shoreline automation scans the cluster for certificates generated by CertManager and stored in k8s secrets or pod definitions. When a certificate is expiring soon (a configurable timeframe), the Shoreline automation calls k8s’s CertManager to renew the certificate. You’ll almost forget about certificate expiry with Shoreline’s certificate management Op Pack.
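The expiry check described above can be sketched as follows. This is an added example, not Shoreline's Op Pack code. It assumes the input is the JSON from `kubectl get certificates -A -o json` (cert-manager `Certificate` resources, whose `status.notAfter` records the expiry), uses a constructed sample and a fixed clock, and only builds `cmctl renew` commands for review rather than running them.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `kubectl get certificates -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "prod", "name": "web-tls"},
  "status": {"notAfter": "2024-06-06T00:00:00Z"}},
 {"metadata": {"namespace": "prod", "name": "api-tls"},
  "status": {"notAfter": "2024-08-30T00:00:00Z"}},
 {"metadata": {"namespace": "staging", "name": "old-tls"},
  "status": {"notAfter": "2024-05-20T00:00:00Z"}},
 {"metadata": {"namespace": "staging", "name": "pending-tls"}}
]}
""")

def parse_ts(value):
    """Parse the RFC 3339 UTC timestamps Kubernetes writes into status fields."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def find_due(cert_list, now, window):
    """Return (namespace, name, reason) for certificates needing attention."""
    due = []
    for item in cert_list.get("items", []):
        meta = item["metadata"]
        not_after = item.get("status", {}).get("notAfter")
        if not_after is None:
            # No issued certificate recorded: report instead of silently skipping.
            reason = "not issued"
        else:
            remaining = parse_ts(not_after) - now
            if remaining > window:
                continue
            reason = "expired" if remaining <= timedelta(0) else f"{remaining.days}d left"
        due.append((meta["namespace"], meta["name"], reason))
    return due

def renew_commands(due):
    """Build cmctl commands for review; unissued certs need diagnosis, not renewal."""
    return [f"cmctl renew {name} --namespace {ns}"
            for ns, name, reason in due if reason != "not issued"]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample
    found = find_due(SAMPLE, now, window=timedelta(days=14))
    for row in found:
        print(*row)
    print("\n".join(renew_commands(found)))
```

Certificates that are already expired or were never issued are reported alongside those inside the window, since those are the cases a renewal-only check tends to miss.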