Jump to content

Connect Leeroopedia MCP: Equip your AI agents to search best practices, build plans, verify code, diagnose failures, and look up hyperparameter defaults.

Environment:Kserve Kserve Cert Manager

From Leeroopedia
Knowledge Sources
Domains Infrastructure, Security
Last Updated 2026-02-13 14:00 GMT

Overview

cert-manager v1.17.0 for automated TLS certificate management for KServe webhooks and HTTPS endpoints.

Description

cert-manager provides automatic certificate provisioning and rotation for KServe's admission webhooks (mutating and validating). It creates self-signed certificates injected into webhook configurations via CA injection annotations. Without cert-manager, webhook TLS must be managed manually.

Usage

Use this environment for all KServe installations that use admission webhooks (default). cert-manager handles certificate lifecycle for the InferenceService, InferenceGraph, TrainedModel, and LLMInferenceService webhook endpoints.

System Requirements

Category Requirement Notes
Kubernetes >= 1.24 Base requirement
cert-manager v1.17.0 From kserve-deps.env
Helm v3.16.3+ For cert-manager installation

Dependencies

Helm Charts

Credentials

No additional credentials for self-signed certificates. For production:

  • Cloud DNS credentials for ACME/Let's Encrypt issuers

Quick Install

helm install cert-manager jetstack/cert-manager \
    --namespace cert-manager --create-namespace \
    --version "${CERT_MANAGER_VERSION}" --set crds.enabled=true

Code Evidence

Version pinned in `kserve-deps.env:17`: 

CERT_MANAGER_VERSION=v1.17.0

Self-signed issuer from `config/certmanager/issuer.yaml`: 

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
  namespace: kserve
spec:
  selfSigned: {}

Common Errors

Error Message Cause Solution
Webhook TLS handshake failure Certificates not provisioned Verify cert-manager pods are running and certificates are Ready
`certificate not found` cert-manager CRDs missing Install with `--set crds.enabled=true`

Compatibility Notes

  • OpenShift: Use the cert-manager Operator from OperatorHub
  • ROSA (AWS): Requires special AWS account preparation for dynamic certificates

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Environment:Kserve_Kserve_Cert_Manager&oldid=27151"