https://github.com/cert-manager/csi-lib
A library for building CSI drivers that request certificates from cert-manager
kubernetes
- Host: GitHub
- URL: https://github.com/cert-manager/csi-lib
- Owner: cert-manager
- License: apache-2.0
- Created: 2021-05-21T18:04:58.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-03-25T13:47:39.000Z (8 months ago)
- Last Synced: 2024-05-21T20:07:47.132Z (6 months ago)
- Topics: kubernetes
- Language: Go
- Size: 397 KB
- Stars: 13
- Watchers: 7
- Forks: 13
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
README
# cert-manager-csi-lib
A library for building [CSI drivers](https://kubernetes-csi.github.io/docs/)
which interact with [cert-manager's](https://github.com/cert-manager/cert-manager)
CertificateRequest API.

## Introduction
To provide identity documents and TLS certificates to Kubernetes Pods, a CSI
driver can be used which automatically provisions, rotates and exposes
certificates at a user-configured path on a filesystem.

This avoids user applications needing to understand how these identities are
procured, and allows them to be fetched from any supported cert-manager issuer.

This project is first and foremost presented as a library to better support
those wanting to build their own more opinionated identity provisioning drivers
whilst still benefiting from the support and adoption of the cert-manager
project.

For example, despite the vast configurability of cert-manager's
CertificateRequest resource, you may want to restrict/dictate the options used
on the certificates (and their corresponding private key).
This means your security teams can be confident that these complex identity
documents are being handled, configured and procured in a manner which meets
the organisational goals you have in place.

## Goals
This library makes it easy to create your own, potentially opinionated, CSI
drivers.

It takes care of:
- Implementing the CSI interface
- Communicating with the Kubernetes/cert-manager API via CertificateRequests
- Automatically rotating/renewing certificates near expiry
- Managing private key & certificate data on disk
- Exposing private key & certificate data to pods
- Atomically updating written data (to avoid mismatching identity documents)

## Usage
An example implementation of the CSI driver can be found in the [`example/`](./example)
subdirectory.

This presents a highly configurable CSI driver which allows users to configure
the options used when generating private keys and certificate requests using
CSI volume attributes (specified in-line on a pod).

If you intend to implement your own CSI driver, the [`manager/interfaces.go`](./manager/interfaces.go)
file defines the functions and interfaces you will need to implement.

## Contributing
This is a part of the cert-manager project and therefore follows the same
contribution workflow.

Pull requests are welcome; however, we strongly recommend creating an issue
**before** beginning work on your change, otherwise there will likely be additional
revisions/changes needed before it can be accepted.