cert-manager/csi-driver

Stars
163
Rank 231,141 (Top 5 %)
Language
Go
License
Apache License 2.0
Created about 5 years ago
Updated over 1 year ago

cert-manager/csi-driver

cert-manager

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A Kubernetes CSI plugin to automatically mount signed certificates to Pods using ephemeral volumes

csi-driver

csi-driver is a Container Storage Interface (CSI) driver plugin for Kubernetes to work along cert-manager. The goal for this plugin is to facilitate requesting and mounting certificate key pairs to pods seamlessly. This is useful for facilitating mTLS, or otherwise securing connections of pods with guaranteed present certificates whilst having all of the features that cert-manager provides.

Why a CSI Driver?

Ensure private keys never leave the node and are never sent over the network. All private keys are stored locally on the node.
Unique key and certificate per application replica with a grantee to be present on application run time.
Reduce resource management overhead by defining certificate request spec in-line of the Kubernetes Pod template.
Automatic renewal of certificates based on expiry of each individual certificate.
Keys and certificates are destroyed during application termination.
Scope for extending plugin behaviour with visibility on each replica's certificate request and termination.

Documentation

Please follow the documentation at cert-manager.io for installing and using csi-driver.

cert-manager

Automatically provision and manage TLS certificates in Kubernetes

aws-privateca-issuer

Addon for cert-manager that issues certificates using AWS ACM PCA.

trust-manager

trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.

istio-csr

istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.

webhook-example

A cert-manager sample repository for creating an ACME DNS01 solver webhook

csi-driver-spiffe

A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes

website

Source code for the cert-manager.io website, including project documentation

approver-policy

approver-policy is a cert-manager approver that allows users to define policies that restrict what certificates can be requested.

openshift-routes

OpenShift Route support for cert-manager

sample-external-issuer

A sample external Issuer for cert-manager

signer-ca

Experimental 'local CA' based signer for Kubernetes 1.18 CSR API

cert-manager-olm

Definitions for the cert-manager operator published via Red Hat's Operator Lifecycle Manager (OLM)

csi-lib

A library for building CSI drivers that request certificates from cert-manager

print-your-cert

Get your certificate printed at the cert-manager booth at KubeCon EU 2024 in Paris!

release

Releasing tooling for the cert-manager project

signer-venafi

Experimental Venafi based signer for Kubernetes 1.18 CSR API https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/20190607-certificates-api.md#signers

testing

Repository containing cert-manager testing infrastructure configuration

trust-manager-csi-driver

Experiment: CSI driver for mounting trust bundles into a pod from trust-manager

webhook-lib

Experimental: a Golang library for creating conversion & admission webhooks

infrastructure

cert-manager infrastructure

testing-addons

Tooling to deploy cert-manager with external dependencies for local testing

boilersuite

Boilerplate checker entirely in Go

helm-tool

helm-tool is an internal cert-manager utility (can be broken or removed) which generates Helm docs, schema files and performs linting.

example-approver-policy-plugin

Example approver policy plugin https://cert-manager.io/docs/projects/approver-policy/#plugins

issuer-lib

issuer-lib is the Go library for building cert-manager issuers.