https://github.com/cert-manager/trust-manager

trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.

go golang hacktoberfest kubernetes security tls

# trust-manager

trust-manager is the easiest way to manage trust bundles in Kubernetes and OpenShift clusters!

It takes a list of trusted certificates which you specify and combines them into a bundle which you can trust directly
in your applications.

Supported sources include a public trust bundle similar to what you get from your Operating System.

[Installation instructions](https://cert-manager.io/docs/projects/trust-manager/) and [API reference documentation](https://cert-manager.io/docs/projects/trust-manager/api-reference/)
are available on the cert-manager website.

## Demo

If you've got Docker installed and you just want to play with trust-manager as soon as possible, we provide
a `demo` command to quickly get a [Kind cluster](https://kind.sigs.k8s.io/) running trust-manager.

First, clone the repo then run `make demo`:

```bash
git clone --single-branch https://github.com/cert-manager/trust-manager trust-manager
cd trust-manager
make demo
# kubeconfig is in ./bin/kubeconfig.yaml
# kind cluster is called "trust"
```

The demo installation uses Helm, and roughly matches what you'd get by installing trust-manager into your own
cluster using Helm - although it uses locally-built images rather than the ones we publish publicly.

## Example Bundle

The simplest useful Bundle to start with is likely to be one using default CAs, which are available from trust-manager 0.4.0+.

This default CA package is based on Debian's `ca-certificates` package, and so matches what you'd expect to see in a Debian
container or VM.

```yaml
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: trust-manager-bundle
spec:
  sources:
  - useDefaultCAs: true
  target:
    configMap:
      key: "bundle.pem"
```

This Bundle will lead to a ConfigMap called `trust-manager-bundle` containing the default CAs being created in all namespaces, ready to be mounted
and used by your applications.

Your ConfigMap will automatically be updated if you change your bundle, too - so to update it, simply update your Bundle!
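As an added illustration (not part of the trust-manager README), a Pod can consume the `trust-manager-bundle` ConfigMap produced by the Bundle above by mounting it as a read-only volume. The Pod name, namespace, image and mount path are placeholders chosen for this example; `SSL_CERT_FILE` is honored by OpenSSL and by Go's `crypto/x509` on Linux, and other TLS stacks may need their own setting.

```yaml
# Added example: the Pod name, namespace, image and paths are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: bundle-consumer
  namespace: default
spec:
  containers:
  - name: app
    image: registry.example.com/my-app:1.0   # placeholder image
    env:
    # Point TLS libraries that read this variable at the mounted bundle.
    - name: SSL_CERT_FILE
      value: /etc/trust/bundle.pem
    volumeMounts:
    - name: trust-bundle
      mountPath: /etc/trust   # mount the directory rather than a subPath
      readOnly: true          # the application never needs to write trust anchors
  volumes:
  - name: trust-bundle
    configMap:
      name: trust-manager-bundle   # ConfigMap created from the Bundle above
      items:
      - key: bundle.pem            # matches spec.target.configMap.key
        path: bundle.pem
```

A ConfigMap mounted with `subPath` does not receive updates, so mounting the whole directory keeps the file in step with changes to the Bundle. Applications that load the bundle only at startup still need a reload or restart to pick up a changed set of CAs.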

For more details see the [trust-manager documentation](https://cert-manager.io/docs/projects/trust-manager/).