Configure external cert-manager

Cert Manager Support

This page shows how you can a third party certificate authority solution like Cert Manager.

The page is intended for a batch administrator.

Before you begin

Make sure you the following conditions are set:

  • A Kubernetes cluster is running.
  • The kubectl command-line tool has communication with your cluster.
  • Kueue is installed.
  • Cert Manager is installed

Kueue supports either Kustomize or installation via a Helm chart.

Internal Certificate management

In all cases, Kueue’s internal certificate management must be turned off if one wants to use CertManager.

Kustomize Installation

  1. Set internalCertManagement.enable to false in the kueue configuration.
  2. Comment out the internalcert folder in config/default/kustomization.yaml.
  3. Enable cert-manager in config/default/kustomization.yaml and uncomment all sections with ‘CERTMANAGER’.

Helm Installation

Kueue can also support optional helm values for Cert Manager enablement.

  1. Disable internalCertManager in the kueue configuration.
  2. set enableCertManager in your values.yaml file to true.

Last modified March 19, 2025: document tls metrics (#4598) (61a943cf)