Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cert-manager/csi-driver

A Kubernetes CSI plugin to automatically mount signed certificates to Pods using ephemeral volumes
https://github.com/cert-manager/csi-driver

cert-manager certificate kubernetes

Last synced: 4 days ago
JSON representation

A Kubernetes CSI plugin to automatically mount signed certificates to Pods using ephemeral volumes

Awesome Lists containing this project

README 

        


  cert-manager project logo





  csi-driver godoc

  Go Report Card

  Artifact Hub




# csi-driver



csi-driver is a Container Storage Interface (CSI) driver plugin for Kubernetes

to work along [cert-manager](https://cert-manager.io/). The goal for this plugin

is to facilitate requesting and mounting certificate key pairs to pods

seamlessly. This is useful for facilitating mTLS, or otherwise securing

connections of pods with guaranteed present certificates whilst having all of

the features that cert-manager provides.



## Why a CSI Driver?



- Ensure private keys never leave the node and are never sent over the network.

  All private keys are stored locally on the node.

- Unique key and certificate per application replica with a grantee to be

  present on application run time.

- Reduce resource management overhead by defining certificate request spec

  in-line of the Kubernetes Pod template.

- Automatic renewal of certificates based on expiry of each individual

  certificate.

- Keys and certificates are destroyed during application termination.

- Scope for extending plugin behaviour with visibility on each replica's

  certificate request and termination.



## Documentation



Please follow the documentation at

[cert-manager.io](https://cert-manager.io/docs/projects/csi-driver/) for

installing and using csi-driver.



## Release Process



The release process is documented in [RELEASE.md](RELEASE.md).