Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cert-manager/trust-manager
trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.
Last synced: 6 days ago
- Host: GitHub
- URL: https://github.com/cert-manager/trust-manager
- Owner: cert-manager
- License: apache-2.0
- Created: 2021-07-10T18:41:48.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-01-10T01:49:36.000Z (15 days ago)
- Last Synced: 2025-01-11T07:04:39.143Z (13 days ago)
- Topics: go, golang, hacktoberfest, kubernetes, security, tls
- Language: Go
- Homepage: https://cert-manager.io/docs/projects/trust-manager/
- Size: 1.62 MB
- Stars: 283
- Watchers: 8
- Forks: 74
- Open Issues: 52
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
README
# trust-manager
trust-manager is the easiest way to manage trust bundles in Kubernetes and OpenShift clusters!
It takes a list of trusted certificate sources and combines them into a bundle which you can trust directly
in your applications.
Supported sources include a public trust bundle similar to what you get from your Operating System.
trust-manager documentation is available on the cert-manager website, including:
- [Installation instructions](https://cert-manager.io/docs/trust/trust-manager/installation/)
- [Usage guidance](https://cert-manager.io/docs/trust/trust-manager/)
- [API reference documentation](https://cert-manager.io/docs/trust/trust-manager/api-reference/)
## Developing trust-manager
trust-manager uses [makefile-modules](https://github.com/cert-manager/makefile-modules/), meaning that any changes to files under `make/_shared` need to be made in that repo and synchronized here using `make upgrade-klone`.
The easiest way to get started is to run the trust-manager smoke tests locally.
Use `make test-smoke`, which creates a [Kind cluster](https://kind.sigs.k8s.io/) using Docker and installs trust-manager (and cert-manager) before running the tests.
To create a cluster without running the smoke tests, use `make test-smoke-deps`.
To use or inspect the cluster, the `KUBECONFIG` file needs to be made available:
```console
export KUBECONFIG=$(pwd)/_bin/scratch/kube.config
```
### Testing
trust-manager has various categories of tests. All categories are run against every PR, along with other checks.
- `make test-unit` - Runs simpler, faster tests which test specific functions
- `make test-integration` - Runs heavier tests with a simplified control-plane which tests how different pieces work together
- `make test-smoke` - Runs end-to-end tests in a dedicated Kubernetes cluster
## Example Bundle
The simplest useful Bundle uses default CAs. This default CA package is based on Debian's `ca-certificates` package, and so matches what you'd expect to see in a Debian container or VM.
```yaml
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: trust-manager-bundle
spec:
  sources:
  - useDefaultCAs: true
  target:
    configMap:
      key: "bundle.pem"
```
This Bundle will lead to a ConfigMap called `trust-manager-bundle` containing the default CAs being created in all namespaces, ready to be mounted
and used by your applications.
Your ConfigMap will automatically be updated if you change your bundle, too - so to update it, simply update your Bundle!
For more details see the [trust-manager documentation](https://cert-manager.io/docs/trust/trust-manager/).