# cert-manager

## creates (Let's Encrypt) certificates automatically

### if annotated in an ingress definition

# trust-manager

trust-manager is the easiest way to manage trust bundles in Kubernetes and OpenShift clusters.

### important:

cert-manager is required, and trust-manager is installed in the cert-manager namespace!

It orchestrates bundles of trusted X.509 certificates which are primarily used for validating certificates during a TLS handshake but can be used in other situations, too.

## Overview

trust-manager is a small Kubernetes operator which aims to help reduce the overhead of managing TLS trust bundles in your clusters.

It adds the Bundle custom Kubernetes resource (CRD) which can read input from various sources and combine the resultant certificates into a bundle ready to be used by your applications.

trust-manager ensures that it's both quick and easy to keep your trusted certificates up-to-date and enables cluster administrators to easily automate providing a secure bundle without having to worry about rebuilding containers to update trust stores.

It's designed to complement cert-manager and works well when consuming CA certificates from a cert-manager Issuer or ClusterIssuer but can be used entirely independently from cert-manager if needed.

## Usage

trust-manager is intentionally simple, and adds one new Kubernetes CustomResourceDefinition: Bundle.

A Bundle represents a set of PEM-encoded X.509 certificates that should be distributed and made available across the cluster. Bundles are cluster scoped.

Users specify a list of sources, which trust-manager will query and concatenate certificate data from. The only other required field is the target, which describes how and where the resulting bundle will be written.

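A Bundle with two sources and a ConfigMap target, followed by a Pod that consumes it. This is an added example, not part of the original notes; the names `example-org-bundle`, `internal-root-ca`, `bundle-consumer`, `trust-demo`, the image and the `example.com/trust-bundle` label are assumptions.

```yaml
# Added example; resource names, image and the namespace label are assumptions.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: example-org-bundle          # Bundles are cluster scoped: no namespace
spec:
  sources:
    # Public CAs from trust-manager's default CA package
    - useDefaultCAs: true
    # Private root CA, read from a Secret in the trust namespace
    # (cert-manager, where trust-manager is installed)
    - secret:
        name: internal-root-ca
        key: ca.crt                 # only the certificate, never tls.key
  target:
    # Written to a ConfigMap named after the Bundle (example-org-bundle)
    configMap:
      key: trust-bundle.pem
    # Limit distribution to labelled namespaces instead of the whole cluster
    namespaceSelector:
      matchLabels:
        example.com/trust-bundle: "enabled"
---
# A workload in a labelled namespace mounts the synced ConfigMap read-only
apiVersion: v1
kind: Pod
metadata:
  name: bundle-consumer
  namespace: trust-demo             # assumed; must carry the label above
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: trust-bundle
          mountPath: /etc/trust     # app reads /etc/trust/trust-bundle.pem
          readOnly: true
  volumes:
    - name: trust-bundle
      configMap:
        name: example-org-bundle
```

Anyone who can write the source Secret in the trust namespace can change what every consuming workload trusts, so write access there should be limited to cluster administrators.
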
improvements:

- metrics
- liveness probes
- resource limits