mesh pattern
service mesh academy

Enterprise PKI in the cloud-native world with Linkerd and cert-manager

Thursday, June 16 9 to 10 am PST | 12 to 1 pm EST | 6 to 7 pm CET

Migrating an existing enterprise PKI to Kubernetes can be daunting — there are so many moving parts to achieving trust across boundaries! From bootstrapping certificates to terminating TLS at the ingress level, all the way down to securing communication between workloads, supporting identity management quickly becomes non-trivial. In this hands-on workshop, members of the cert-manager and Linkerd teams will show you how to combine the two projects to manage identity while providing mTLS between your workloads, greatly reducing the burden on platform teams. You'll learn how to integrate with a CA from an external PKI, and use it to bootstrap zero-trust across all cluster boundaries.

What you'll get out of this

  • Manage identity while providing mTLS between workloads

  • Integrated with a CA from an external PKI

  • Learn directly from the cert-manager and Linkerd teams

Getting ready

For the hands-on portions, it’s important that you arrive prepared. Please have a Kubernetes cluster ready, and the Linkerd CLI version 2.11.0 or above installed on your machine—check out the first few steps of our Linkerd Getting Started Guide if you want some specific instructions on how to do this. (If you don’t want to do the hands-on portion, of course, you are welcome to just listen in. But it won’t be as fun!) Finally, please join the #workshops channel on the Linkerd Slack. We’re going to use Slack instead of the regular Zoom chat for this workshop.


  • Richard Wall

    Richard Wall, Senior Software Engineer, Jetstack

    Richard is a programmer and open-source hacker. Python is his goto language, as a long time contributor to Twisted. For the past 3 years he’s been working on Flocker – a persistent volume management system for modern orchestrators. He’s worked on all areas of Flocker, including the control service, state machine, and the benchmarking framework for gathering metrics. Richard has been using Kubernetes since it was first released and he has a special interest in Kubernetes persistent storage.

  • Matei David

    Matei David, Linkerd Maintainer, Buoyant

    Matei David is a software engineer at Buoyant and one of the maintainers of the Linkerd project, the CNCF’s graduated service mesh. Passionate about open source, Matei got involved in the cloud native space early on in his career. As a Community Bridge Mentee (a CNCF program for young engineers) he worked on topology-aware service routing for Linkerd — an opportunity that led him to join the Buoyant team permanently. Since then he has become a project maintainer and you can often find him helping community members on the Linkerd Slack.