cert-manager and external-dns: Automatic TLS and DNS on Kubernetes

Calendar February 22, 2026
Kubernetes
Intermediate
Cert-Manager-Setup, External-Dns-Configuration, Tls-Automation, Dns-Automation
Cert-Manager, External-Dns, Tls, Dns, Lets-Encrypt, Ingress
Kubectl, Helm

cert-manager and external-dns#

These two controllers solve the two most tedious parts of exposing services on Kubernetes: getting TLS certificates and creating DNS records. Together, they make it so that creating an Ingress resource automatically provisions a DNS record pointing to your cluster and a valid TLS certificate for the hostname.

cert-manager#

cert-manager watches for Certificate resources and Ingress annotations, then obtains and renews TLS certificates automatically.

Installation#

helm repo add jetstack https://charts.jetstack.io
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set crds.enabled=true

The crds.enabled=true flag installs the CRDs as part of the Helm release. Verify with kubectl get pods -n cert-manager – you should see cert-manager, cert-manager-cainjector, and cert-manager-webhook all Running.