cmctl

Check if the cert-manager API is ready

$ cmctl check api

$ cmctl status certificate [cert_name]

$ cmctl create certificaterequest my-cr --from-certificate-file [cert.yaml]

$ cmctl create certificaterequest my-cr --from-certificate-file [cert.yaml] --fetch-certificate --timeout [20m]

cmctl command [arguments] [options]

Examples:
cmctl approve my-certificate-request
cmctl describe certificate my-app-certificate
cmctl status certificate my-app-cert --namespace production

--help, -h
    Displays help information for a command or subcommand.

--kubeconfig path
    Specifies the path to the kubeconfig file to use for Kubernetes API requests.

--context name
    Sets the name of the kubeconfig context to use for the command.

--namespace, -n name
    If present, specifies the namespace scope for the CLI request. Used for namespaced resources like Certificates.

--server address
    The address and port of the Kubernetes API server to connect to.

--log-level level
    Sets the logging level for the command (e.g., 'info', 'debug').

cmctl is the command-line interface (CLI) for cert-manager, a popular open-source X.509 certificate management solution for Kubernetes. It allows users to interact with and manage cert-manager resources such as Issuers, ClusterIssuers, Certificates, and CertificateRequests directly from their terminal.

cmctl simplifies operations like viewing certificate statuses, checking pending certificate requests, describing issuer configurations, and even creating or deleting cert-manager objects. It is designed to work in conjunction with kubectl, leveraging kubectl's context and authentication. This tool is essential for cluster administrators and developers who deploy applications requiring automatic certificate provisioning and renewal within their Kubernetes environments, providing a deeper insight into cert-manager's operations than kubectl alone can offer for these specific resources.

cmctl is not a standard Linux system utility; it is a specialized tool for managing cert-manager within a Kubernetes environment.

It requires that cert-manager is installed and running in your Kubernetes cluster, and it relies on your existing kubectl configuration (kubeconfig, context, authentication) to communicate with the cluster's API server.

Commands and flags may evolve with new versions of cert-manager and its API, potentially leading to breaking changes.

cmctl can be installed in several ways:
1. As a kubectl plugin: Many users install it via kubectl krew install cert-manager or by downloading the standalone binary and placing it in their PATH, often aliased as kubectl cert-manager.
2. As a standalone binary: Downloadable directly from the official cert-manager GitHub releases page for various operating systems.

cmctl commands are typically organized into categories:
1. Lifecycle Management: Commands like approve and deny for managing certificate request workflows.
2. Resource Inspection: Commands such as describe, status, and get (when used via kubectl plugin) to view detailed information about cert-manager resources.
3. Utilities: Commands like convert for migrating resource API versions or verify for validating configuration.

cmctl emerged as an essential companion tool to the cert-manager project, which was initiated to automate X.509 certificate provisioning in Kubernetes environments. As cert-manager gained widespread adoption and its API surface expanded, a dedicated command-line utility became critical to simplify interactions with its custom resources.

Developed alongside cert-manager itself, cmctl provides specific verbs and tailored output formats that streamline common tasks, such as inspecting certificate statuses, approving certificate requests, or diagnosing issues. Its development is tightly coupled with the cert-manager release cycle, ensuring compatibility and introducing new functionalities as the core project evolves.

kubectl(1), helm(1), openssl(1SSL)