/tags/tls/Recent content in Tls on Pim WiddershovenHugoenTue, 26 May 2026 00:00:00 +0000/entry/bootstrapping-trust-in-a-kubernetes-cluster-with-cert-manager/Tue, 26 May 2026 00:00:00 +0000/entry/bootstrapping-trust-in-a-kubernetes-cluster-with-cert-manager/A cluster with networking and storage still serves most of its TLS endpoints with self-signed certificates. This post wires up the trust layer: cert-manager with a bootstrapped internal CA, trust-manager to distribute the bundle to every namespace, Let’s Encrypt over Gateway API for the public edge, and a CSR approver so the kubelet finally gets a serving cert that something can verify.