Docs Self-Managed Manage Kubernetes Security TLS Encryption You are viewing the Self-Managed v24.3 beta documentation. We welcome your feedback at the Redpanda Community Slack #beta-feedback channel. To view the latest available version of the docs, see v24.2. TLS for Redpanda in Kubernetes Redpanda clusters can use Transport Layer Security (TLS) and mTLS (Mutual TLS) to secure internal and external communications with clients and other brokers. In the Redpanda Helm chart, TLS is enabled by default for all internal and external listeners, using self-signed certificates managed by cert-manager. You can configure the chart to use your own certificates with or without cert-manager. Redpanda exposes several public metrics to help administrators manage their installed certificates. Configuring alerts on these metrics is a critical tool for managing certificate expiration and avoiding surprise outages. The public metrics reference contains a full list of available TLS metrics. You can refer to the monitor Redpanda in Kubernetes guide for full details on configuring Prometheus to monitor these metrics. This guide also explains how to create a Grafana dashboard for visualizations and alerting. Use cert-manager to manage TLS certificates Learn how to enable TLS encryption in your Redpanda cluster and use cert-manager to simplify the process of obtaining, renewing, and using certificates. Use Kubernetes Secrets to manage TLS certificates Create TLS files and store them in Kubernetes Secret resources to configure Redpanda listeners with TLS certificates. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Security Use cert-manager