cleanstart/cert-manager-controller

Verified Publisher

By CleanStart

•Updated about 1 hour ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Web servers
0

50K+

cleanstart/cert-manager-controller repository overview

Container Documentation for Cert-Manager-Controller

Cert-manager-controller is an automated certificate management solution for Kubernetes clusters. It simplifies the process of obtaining, renewing and using SSL/TLS certificates from various issuers including Let's Encrypt, HashiCorp Vault, and Venafi. This container provides enterprise-grade certificate management capabilities with automated certificate request handling, validation, and lifecycle management.

šŸ“Œ Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments from cleanstart Registry.

Image Path: cleanstart/cert-manager-controller Registry: Cleanstart Registry

Key Features Core capabilities and strengths of this container

  • Automated certificate issuance and renewal
  • Multiple issuer support (ACME, Vault, Venafi)
  • Kubernetes-native certificate management
  • Certificate lifecycle automation

Common Use Cases Typical scenarios where this container excels

  • Kubernetes TLS certificate automation
  • Multi-domain SSL certificate management
  • Automated Let's Encrypt integration
  • Enterprise PKI infrastructure automation

Pull Latest Image Download the container image from the registry

docker pull cleanstart/cert-manager-controller:latest
docker pull cleanstart/cert-manager-controller:latest-dev

Basic Run Run the container with basic configuration

docker run -it --name cert-manager cleanstart/cert-manager-controller:latest --v=2 --cluster-resource-namespace=cert-manager

Production Deployment Deploy with production security settings

docker run -d --name cert-manager-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v /etc/cert-manager:/etc/cert-manager \
  cleanstart/cert-manager-controller:latest

Volume Mount Mount local directory for persistent data

docker run -v /etc/cert-manager:/etc/cert-manager \
  -v /var/run/cert-manager:/var/run/cert-manager \
  cleanstart/cert-manager-controller:latest

Port Forwarding Run with custom port mappings

docker run -p 9402:9402 cleanstart/cert-manager-controller:latest

Environment Variables Configuration options available through environment variables

VariableDefaultDescription
NAMESPACEcert-managerNamespace for cert-manager deployment
LOG_LEVEL2Logging verbosity level
LEADER_ELECTION_NAMESPACEkube-systemNamespace for leader election
ACME_HTTP01_SOLVER_IMAGEcert-manager-acmesolverHTTP01 solver image

Security Best Practices Recommended security configurations and practices

  • Use RBAC policies to restrict certificate management access
  • Implement proper secret management for issuer credentials
  • Regular audit of certificate requests and issuance
  • Monitor certificate expiration and renewal events
  • Use secure transport for certificate private keys
  • Enable validation webhooks for certificate requests

Kubernetes Security Context Recommended security context for Kubernetes deployments

securityContext:
  runAsNonRoot: true
  runAsUser: 1001
  fsGroup: 1001
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:c5fe35e7a…

Size

46.3 MB

Last updated

about 1 hour ago

docker pull cleanstart/cert-manager-controller:1.21.0-amd64