# TLS for Redpanda in Kubernetes

> For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [streaming-full.txt](https://docs.redpanda.com/streaming-full.txt)

---
title: TLS for Redpanda in Kubernetes
latest-redpanda-tag: v26.1.9
latest-console-tag: v3.7.3
latest-operator-version: v26.1.4
# EOL = End-of-Life (support lifecycle status)
page-is-nearing-eol: "false"
page-is-past-eol: "false"
page-eol-date: March 31, 2027
latest-connect-version: 4.93.0
docname: kubernetes/security/tls/index
page-component-name: streaming
page-version: "26.1"
page-component-version: "26.1"
page-component-title: Streaming
page-relative-src-path: kubernetes/security/tls/index.adoc
page-edit-url: https://github.com/redpanda-data/docs/edit/main/modules/manage/pages/kubernetes/security/tls/index.adoc
description: Use TLS to authenticate Redpanda brokers and encrypt communication between clients and brokers.
page-git-created-date: "2023-11-14"
page-git-modified-date: "2025-07-31"
support-status: supported
---

<!-- Source: https://docs.redpanda.com/streaming/current/manage/kubernetes/security/tls.md -->

Redpanda clusters can use Transport Layer Security (TLS) and mTLS (Mutual TLS) to secure internal and external communications with clients and other brokers. In the Redpanda Helm chart, TLS is enabled by default for all internal and external listeners, using self-signed certificates managed by [cert-manager](https://cert-manager.io/docs/). You can configure the chart to use your own certificates with or without cert-manager.

Redpanda exposes several public metrics to help administrators manage their installed certificates. Configuring alerts on these metrics is a critical tool for managing certificate expiration and avoiding surprise outages. The [public metrics reference](https://docs.redpanda.com/streaming/current/reference/public-metrics-reference/#tls_metrics) contains a full list of available TLS metrics. You can refer to the [monitor Redpanda in Kubernetes](https://docs.redpanda.com/streaming/current/manage/kubernetes/monitoring/k-monitor-redpanda/) guide for full details on configuring Prometheus to monitor these metrics. This guide also explains how to create a Grafana dashboard for visualizations and alerting.

-   [Use cert-manager to manage TLS certificates](k-cert-manager/)

    Learn how to enable TLS encryption in your Redpanda cluster and use cert-manager to simplify the process of obtaining, renewing, and using certificates.

-   [Use Kubernetes Secrets to manage TLS certificates](k-secrets/)

    Create TLS files and store them in Kubernetes Secret resources to configure Redpanda listeners with TLS certificates.