Kubernetes’ CertificateSigningRequest (CSR) resource, introduced as stable in v1.19, provides a programmable interface for requesting and obtaining X.509 certificates signed by a specified signer. CSRs are fundamental to automating TLS credential provisioning within clusters, underpinning use cases such as kubelet certificate rotation, webhook certificates, and user authentication via client certificates.