TLS for Redpanda in Kubernetes

    Redpanda clusters can use Transport Layer Security (TLS) and mutual TLS (mTLS) to secure internal and external communications with clients and other brokers. In the Redpanda Helm chart, TLS is enabled by default for all internal and external listeners, using self-signed certificates managed by cert-manager. You can configure the chart to use your own certificates, with or without cert-manager.

    Redpanda exposes several public metrics to help administrators manage their installed certificates. Configuring alerts on these metrics is critical for managing certificate expiration and avoiding surprise outages. The public metrics reference contains a full list of available TLS metrics. For full details on configuring Prometheus to monitor these metrics, see the Monitor Redpanda in Kubernetes guide, which also explains how to create a Grafana dashboard for visualizations and alerting.

  • Use cert-manager to manage TLS certificates

    Learn how to enable TLS encryption in your Redpanda cluster and use cert-manager to simplify the process of obtaining, renewing, and using certificates.

  • Use Kubernetes Secrets to manage TLS certificates

    Create TLS files and store them in Kubernetes Secret resources to configure Redpanda listeners with TLS certificates.