How to Use CERT-MANAGER with Gateway API
Why It Matters
Automating Let’s Encrypt TLS issuance through cert-manager and the Gateway API streamlines secure service exposure, cutting manual certificate work and accelerating Kubernetes deployments.
Key Takeaways
- Install cert-manager via Helm on a Kind cluster
- Configure a Cloudflare DNS record that points at the node‑port IP address
- Use a cert-manager ClusterIssuer with the ACME HTTP‑01 challenge for domain validation
- Create Gateway and HTTPRoute objects so the challenge file can be served
- A Secret holding the TLS certificate is generated automatically for HTTPS traffic
Summary
The video walks through enabling TLS for services exposed via the Kubernetes Gateway API by leveraging cert-manager and Let’s Encrypt. It starts by provisioning a local Kind cluster, installing cert-manager through its Helm chart, and configuring a Cloudflare DNS record that points to the node‑port IP address used for external access. Key steps include defining a ClusterIssuer that references Let’s Encrypt’s ACME server and selecting the HTTP‑01 challenge type. A Gateway resource is created, followed by an HTTPRoute that routes the challenge request to a temporary endpoint managed by cert-manager. When Let’s Encrypt receives the expected HTTP 200 response from that endpoint, it issues a certificate, which cert-manager stores automatically in a Kubernetes Secret. The presenter highlights how cert-manager dynamically creates the HTTPRoute that serves the required validation file, and how the resulting Secret can be referenced by Ingress or other workloads to terminate TLS. This hands‑off flow eliminates manual certificate handling and demonstrates a concise YAML‑only configuration. For operators, this integration means rapid, automated provisioning of trusted TLS certificates for any domain managed via the Gateway API, reducing operational overhead and improving security posture for cloud‑native applications.
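The manifests below are an added example of the flow the summary describes; they are not taken from the video and are not cert-manager's or the Gateway API project's own sample files. They assume cert-manager is installed with its Gateway API support enabled (the exact Helm value or feature gate depends on the cert-manager version), a GatewayClass named `nginx` exists, the hostname `app.example.com` resolves to the cluster's externally reachable node‑port IP, and an application Service named `app` listens on port 8080. The Gateway name, namespace, Secret name, hostname and e‑mail address are all placeholders.

```yaml
# --- ClusterIssuer: ACME account with Let's Encrypt, HTTP-01 solved via Gateway API ---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Swap in https://acme-staging-v02.api.letsencrypt.org/directory while testing;
    # the production endpoint enforces rate limits and failed attempts count.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com            # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-prod-account-key   # ACME account key, created by cert-manager
    solvers:
    - http01:
        # cert-manager creates a temporary HTTPRoute for /.well-known/acme-challenge/
        # attached to this Gateway; the route is deleted once the order completes.
        gatewayHTTPRoute:
          parentRefs:
          - name: example-gateway         # assumed Gateway name
            namespace: default
            kind: Gateway
---
# --- Gateway: HTTP listener for the challenge, HTTPS listener that consumes the Secret ---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example-gateway
  namespace: default
  annotations:
    # Tells cert-manager to create a Certificate for every listener with tls.certificateRefs.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  gatewayClassName: nginx               # assumed GatewayClass
  listeners:
  - name: http
    protocol: HTTP
    port: 80                            # the solver HTTPRoute attaches here
    hostname: app.example.com
  - name: https
    protocol: HTTPS
    port: 443
    hostname: app.example.com
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: app-example-com-tls       # populated by cert-manager after issuance
---
# --- HTTPRoute: application traffic on the HTTPS listener only ---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: app
  namespace: default
spec:
  parentRefs:
  - name: example-gateway
    sectionName: https                  # keep the app off the plaintext listener
  hostnames:
  - app.example.com
  rules:
  - backendRefs:
    - name: app                         # assumed application Service
      port: 8080
```

After applying these, `kubectl get certificate,order,challenge -n default` shows the issuance progressing; a Challenge that stays pending usually means the DNS record or the port‑80 path to the node port is wrong, and `kubectl describe challenge` reports the self‑check failure. Once `Ready` is `True`, `kubectl get secret app-example-com-tls -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -subject -issuer -dates` confirms the issuer and expiry; cert-manager renews the certificate before that date without further intervention.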