This topic explains how to specify a custom Kubernetes namespace forcert-manager.
In most cases, cert-manager runs in thecert-managernamespace. Some users may have
company policies restricting the creation of new Kubernetes namespaces or have policies requiring
cert-manager to be run in a different namespace, for examplekube-system.
Verify that cert-manager installed correctly in the new namespace with thekubectl get podscommand:
kubectl get pods -nnew-cert-manager-namespace
NAME READY STATUS RESTARTS AGE
cert-manager-1234567-abcde 1/1 Running 0 21s
cert-manager-cainjector-23456789a-bcdef 1/1 Running 0 22s
cert-manager-webhook-3456789ab-cdef0 1/1 Running 0 20s
If cert manager had previoiusly been running, delete thecert-managerinstance in
thecert-managernamespace by following the instructions inUninstall
in the cert-manager documentation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis documentation guides you through specifying a custom Kubernetes namespace for cert-manager, which typically runs in the \u003ccode\u003ecert-manager\u003c/code\u003e namespace.\u003c/p\u003e\n"],["\u003cp\u003eYou may need to use a custom namespace due to company policies or specific requirements to run cert-manager in a different namespace, such as \u003ccode\u003ekube-system\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eTo install cert-manager in a custom namespace, you'll need to edit the installation manifests and add a \u003ccode\u003ecertManager\u003c/code\u003e stanza to your overrides file, specifying the new namespace.\u003c/p\u003e\n"],["\u003cp\u003eAfter installing, you can verify that cert-manager is running correctly in the new namespace by using the \u003ccode\u003ekubectl get pods\u003c/code\u003e command.\u003c/p\u003e\n"],["\u003cp\u003eIf cert-manager was installed in the \u003ccode\u003ecert-manager\u003c/code\u003e namespace previously, it should be uninstalled.\u003c/p\u003e\n"]]],[],null,["# Running cert-manager in a custom namespace\n\n| You are currently viewing version 1.11 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis topic explains how to specify a custom Kubernetes namespace for\n[cert-manager](https://cert-manager.io/).\n\nIn most cases, cert-manager runs in the `cert-manager` namespace. Some users may have\ncompany policies restricting the creation of new Kubernetes namespaces or have policies requiring\ncert-manager to be run in a different namespace, for example `kube-system`.\n\n\nSpecify a custom namespace for cert-manager\n-------------------------------------------\n\n1. Create the namespace if needed: \n\n ```\n kubectl create namespace new-cert-manager-namespace\n ```\n2. Install cert-manager following the instructions in [Installation:\n Introduction](https://cert-manager.io/v1.10-docs/installation/) in the cert-manager documentation. **Note:** You will have to edit the installation manifests to install cert-manager in a custom namespace.\n3. Add a [`certManager`](/apigee/docs/hybrid/v1.11/config-prop-ref#certmanager) stanza to your overrides file. \n\n ```\n certManager:\n namespace: new-cert-manager-namespace\n \n ```\n4. Apply the namespace change:\n\n ### Helm\n\n Test with a dry run first: \n\n ```\n helm upgrade operator apigee-operator/ \\\n --install \\\n --namespace apigee-system \\\n --atomic \\\n -f OVERRIDES_FILE.yaml \\\n --dry-run\n ```\n\n Apply the change: \n\n ```\n helm upgrade operator apigee-operator/ \\\n --install \\\n --namespace apigee-system \\\n --atomic \\\n -f OVERRIDES_FILE.yaml\n ```\n\n ### `apigeectl`\n\n ```\n $APIGEECTL_HOME/apigeectl init -f OVERRIDES_FILE.yaml\n ```\n5. Verify that cert-manager installed correctly in the new namespace with the `kubectl get pods` command: \n\n ```\n kubectl get pods -n new-cert-manager-namespace\n ``` \n\n ```\n NAME READY STATUS RESTARTS AGE\n cert-manager-1234567-abcde 1/1 Running 0 21s\n cert-manager-cainjector-23456789a-bcdef 1/1 Running 0 22s\n cert-manager-webhook-3456789ab-cdef0 1/1 Running 0 20s\n ```\n6. If cert manager had previoiusly been running, delete the `cert-manager` instance in the `cert-manager` namespace by following the instructions in [Uninstall\n in the cert-manager documentation](https://cert-manager.io/docs/installation/kubectl/#uninstalling)."]]
