cert-manager and external-dns: Automatic TLS and DNS on Kubernetes

Calendar February 22, 2026
Kubernetes
Intermediate
Cert-Manager-Setup, External-Dns-Configuration, Tls-Automation, Dns-Automation
Cert-Manager, External-Dns, Tls, Dns, Lets-Encrypt, Ingress
Kubectl, Helm

cert-manager and external-dns#

These two controllers solve the two most tedious parts of exposing services on Kubernetes: getting TLS certificates and creating DNS records. Together, they make it so that creating an Ingress resource automatically provisions a DNS record pointing to your cluster and a valid TLS certificate for the hostname.

cert-manager#

cert-manager watches for Certificate resources and Ingress annotations, then obtains and renews TLS certificates automatically.

Installation#

helm repo add jetstack https://charts.jetstack.io
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set crds.enabled=true

The crds.enabled=true flag installs the CRDs as part of the Helm release. Verify with kubectl get pods -n cert-manager – you should see cert-manager, cert-manager-cainjector, and cert-manager-webhook all Running.

EKS Networking and Load Balancing

Calendar February 22, 2026
Kubernetes
Intermediate
Eks-Networking, Load-Balancer-Configuration, Dns-Automation
Eks, Aws, Vpc-Cni, Alb, Nlb, Load-Balancing, Networking
Kubectl, Aws-Cli, Helm

EKS Networking and Load Balancing#

EKS networking differs fundamentally from generic Kubernetes networking. Pods get real VPC IP addresses, load balancers are AWS-native resources, and networking decisions have direct cost and IP capacity implications.

VPC CNI: How Pod Networking Works#

The AWS VPC CNI plugin assigns each pod an IP address from your VPC CIDR. Unlike overlay networks (Calico, Flannel), pods are directly routable within the VPC. This means security groups, NACLs, and VPC flow logs all work with pod traffic natively.