TLS and Certificates
TLS should be automated and treated as part of your deployment workflow.
Recommended model
Section titled “Recommended model”- Use cert-manager issuers for certificate lifecycle.
- Request certs for all externally exposed hostnames.
- Monitor expiration and renewal events.
Operational checks
Section titled “Operational checks”- Certificate status is
Ready. - Correct DNS names are present in the certificate.
- Route presents the expected certificate chain.
Renewal best practices
Section titled “Renewal best practices”- Avoid last-minute manual renewals.
- Alert before certificate expiry windows.
- Rotate issuer credentials safely.