362735f8f1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add default shortNames to certificates CRD Defaults to `[cert, certs]` and is configurable with `certificateCRDShortNames` parameter. **What this PR does / why we need it**: Simplifies manual certificate management with kubectl. Fixes #311 <div name="review-notes" /> **Special notes for your reviewer**: Instead of a boolean switch do/dont include the shortNames, the value defines the aliases. This may be handy if anybody prefers `[crt, crts]` instead. I'm not too keen on the `certificateCRDShortNames` variable name. It might be better to use `Resource` instead of `CRD` to be consistent with the `createCustomResource` var. Other CRDs are probably ok without an alias, but other people workflows may differ. Should these also be configurable? In that case, the variables could be `shortNames: {certificates: [], …}`. **Release note**: ```release-note Add Certificate CRD shortnames `cert` and `certs`. This is configurable in the Helm Chart with `certificateResourceShortNames`. ``` |
||
|---|---|---|
| .github | ||
| cmd | ||
| contrib/charts | ||
| docs | ||
| hack | ||
| pkg | ||
| test | ||
| vendor | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .travis.yml | ||
| CODE_OF_CONDUCT.md | ||
| Gopkg.lock | ||
| Gopkg.toml | ||
| labels.yaml | ||
| LICENSE | ||
| Makefile | ||
| OWNERS | ||
| README.md | ||
cert-manager
cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.
It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.
It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects e.g. kube-cert-manager.
Current status
This project is not yet ready to be a component in a critical production stack, however it is at a point where it offers comparable features to other projects in the space. If you have a non-critical piece of infrastructure, or are feeling brave, please do try cert-manager and report your experience here in the issue section.
NOTE: currently we provide no guarantees on our API stability. This means
there may be breaking changes that will require changes to all
Issuer/Certificate resources you have already created. We aim to provide a
stable API after a 1.0 release.
Quickstart
Prebuilt images for cert-manager are made available on Dockerhub.
Pre-requisites
- Kubernetes cluster with
CustomResourceDefinitionorThirdPartyResourcesupport
Deploying cert-manager
The easiest way to deploy cert-manager into your cluster is to use the Helm chart. For information on how to do this see the Deploying cert-manager using Helm user guide.
Creating your first Issuer and Certificate
An Issuer in cert-manager describes a source of X.509 certificates. A
Certificate in cert-manager defines a desired X.509 certificate. Below is a
list of user guides that can be used to get started with both resources:
- Creating a simple CA based Issuer
- Creating cluster wide Issuers
- Issuing an ACME certificate using HTTP validation
- Issuing an ACME certificate using DNS validation
Further documentation
For further documentation, please check the /docs directory in this repository.
Troubleshooting
If you encounter any issues whilst using cert-manager, and your issue is not documented, please file an issue.
Contributing
We welcome pull requests with open arms! There's a lot of work to do here, and we're especially concerned with ensuring the longevity and reliability of the project.
Please take a look at our issue tracker if you are unsure where to start with getting involved!
We also use the #kube-lego channel on kubernetes.slack.com for chat relating to the project.
Developer documentation should be available soon at docs/devel.
Changelog
The list of releases is the best place to look for information on changes between releases.