{"id":14572997,"url":"https://github.com/cert-manager/istio-csr","last_synced_at":"2025-04-09T09:10:39.307Z","repository":{"id":37794237,"uuid":"299311318","full_name":"cert-manager/istio-csr","owner":"cert-manager","description":"istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.","archived":false,"fork":false,"pushed_at":"2024-04-14T01:12:09.000Z","size":1049,"stargazers_count":152,"open_issues_count":43,"forks_count":55,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-04-14T02:23:09.566Z","etag":null,"topics":["certificate","istio","kubernetes","tls"],"latest_commit_sha":null,"homepage":"https://cert-manager.io/docs/usage/istio-csr/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cert-manager.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-09-28T13:04:47.000Z","updated_at":"2024-04-15T04:55:57.153Z","dependencies_parsed_at":"2023-12-28T15:02:04.883Z","dependency_job_id":"080b9053-bcbd-4464-acde-0a525376c2d3","html_url":"https://github.com/cert-manager/istio-csr","commit_stats":{"total_commits":409,"total_committers":34,"mean_commits":"12.029411764705882","dds":"0.44254278728606355","last_synced_commit":"6381d4511ba4f9b2d291cb0ccb8158ebf193a55d"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fistio-csr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fistio-csr/tags","rel
eases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fistio-csr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fistio-csr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cert-manager","download_url":"https://codeload.github.com/cert-manager/istio-csr/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247412966,"owners_count":20934934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","istio","kubernetes","tls"],"created_at":"2024-09-07T09:01:22.564Z","updated_at":"2025-04-09T09:10:39.230Z","avatar_url":"https://github.com/cert-manager.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png\" height=\"256\" width=\"256\" alt=\"cert-manager project logo\" /\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://godoc.org/github.com/cert-manager/istio-csr\"\u003e\n    \u003cimg src=\"https://godoc.org/github.com/cert-manager/istio-csr?status.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/cert-manager/istio-csr\"\u003e\n    \u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/cert-manager/istio-csr\" /\u003e\n  \u003c/a\u003e\n  \u003ca 
href=\"https://artifacthub.io/packages/search?repo=cert-manager\"\u003e\n    \u003cimg alt=\"artifact hub badge\" src=\"https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cert-manager\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# istio-csr\n\nistio-csr is an agent that allows for [Istio](https://istio.io) workload and\ncontrol plane components to be secured using\n[cert-manager](https://cert-manager.io).\n\nCertificates facilitating mTLS \u0026mdash; both inter\nand intra-cluster \u0026mdash; will be signed, delivered and renewed using [cert-manager\nissuers](https://cert-manager.io/docs/concepts/issuer).\n\nistio-csr supports Istio v1.10+ and cert-manager v1.3+\n\n---\n\n## Documentation\n\nPlease follow the documentation at\n[cert-manager.io](https://cert-manager.io/docs/usage/istio/) for installing and\nusing istio-csr.\n\n## Release Process\n\nThe release process is documented in [RELEASE.md](RELEASE.md).\n\n## Inner workings\n\nistio-csr has 3 main components: the TLS certificate obtainer, the gRPC server and the CA bundle distributor.\n1. The TLS certificate obtainer is responsible for obtaining the TLS certificate for the gRPC server.\nIt uses the cert-manager API to create a CertificateRequest resource, which will be picked up by cert-manager and signed by the configured issuer.\n2. The gRPC server is responsible for receiving certificate signing requests from istiod and sending back the signed certificate.\nTo do so, it uses the cert-manager CertificateRequest API to obtain the signed certificate.\n3. The CA bundle distributor is responsible for creating and updating istio-ca-root-cert ConfigMaps in all namespaces (filtered using namespaceSelector).\n\n## Istio Ambient\n\nWhen istio-csr is being deployed into Istio Ambient, the `--ca-trusted-node-accounts` flag must be set with the `\u003cnamespace\u003e/\u003cservice-account-name\u003e` of ztunnel, e.g. 
`istio-system/ztunnel`.\nThis allows ztunnel to authenticate using its own identity, then request certificates for the identity it will impersonate. For more information on how ztunnel handles certificates, see the Istio Ambient [docs](https://github.com/istio/istio/blob/master/architecture/ambient/ztunnel.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Fistio-csr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcert-manager%2Fistio-csr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Fistio-csr/lists"}