TLS for Redpanda in Kubernetes

Redpanda clusters can use Transport Layer Security (TLS) and mTLS (Mutual TLS) to secure internal and external communications with clients and other brokers. In the Redpanda Helm chart, TLS is enabled by default for all internal and external listeners, using self-signed certificates managed by cert-manager. You can configure the chart to use your own certificates with or without cert-manager.

Redpanda exposes several public metrics to help administrators manage their installed certificates. Configuring alerts on these metrics is a critical tool for managing certificate expiration and avoiding surprise outages. The public metrics reference contains a full list of available TLS metrics. You can refer to the monitor Redpanda in Kubernetes guide for full details on configuring Prometheus to monitor these metrics. This guide also explains how to create a Grafana dashboard for visualizations and alerting.

Use cert-manager to manage TLS certificates
Learn how to enable TLS encryption in your Redpanda cluster and use cert-manager to simplify the process of obtaining, renewing, and using certificates.
Use Kubernetes Secrets to manage TLS certificates
Create TLS files and store them in Kubernetes Secret resources to configure Redpanda listeners with TLS certificates.

Was this helpful?

group Ask in the community

mail Share your feedback

group_add Make a contribution

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

TLS for Redpanda in Kubernetes

Simple online edits

Contribution guide