k8s-apps/cert-manager

cert manager

creates (lets encrypt) certifcates automatically

if anotated in an ingress definition

#trust-manager trust-manager is the easiest way to manage trust bundles in Kubernetes and OpenShift clusters.

important: cert manager is required and trust manager is being installed in the cert-manager namespace!!!

It orchestrates bundles of trusted X.509 certificates which are primarily used for validating certificates during a TLS handshake but can be used in other situations, too.

##Overview trust-manager is a small Kubernetes operator which aims to help reduce the overhead of managing TLS trust bundles in your clusters.

It adds the Bundle custom Kubernetes resource (CRD) which can read input from various sources and combine the resultant certificates into a bundle ready to be used by your applications.

trust-manager ensures that it's both quick and easy to keep your trusted certificates up-to-date and enables cluster administrators to easily automate providing a secure bundle without having to worry about rebuilding containers to update trust stores.

It's designed to complement cert-manager and works well when consuming CA certificates from a cert-manager Issuer or ClusterIssuer but can be used entirely independently from cert-manager if needed.

##Usage trust-manager is intentionally simple, and adds one new Kubernetes CustomResourceDefintion: Bundle.

A Bundle represents a set of PEM-encoded X.509 certificates that should be distributed and made available across the cluster. Bundles are cluster scoped.

Users specify a list of sources, which trust-manager will query and concatenate certificate data from. The only other required field is the target, which describes how and where the resulting bundle will be written.

improvements: metrics liveness probes resource limits