Approver Policy overview

Approver Policy is a cert-manager approver that approves or denies certificate requests based on policies you define in your cluster. It replaces the built-in cert-manager approver with a policy-driven workflow that gives you explicit control over which certificate requests are allowed.

Approver Policy provides the following key benefits:

  • Enforces certificate policy in-cluster by evaluating certificate requests against CertificateRequestPolicy custom resources.
  • Identifies unmatched requests by tracking orphan certificate requests that don't match any policy, helping you detect gaps in your policy configuration.
  • Exports Prometheus metrics for approved, denied, and orphan certificate requests to support monitoring and troubleshooting.

By using Approver Policy, you can define certificate policies within your cluster and control which certificate requests are approved or denied.

What's next?

To get started, install Approver Policy alongside cert-manager in your cluster.