- This PR adds two fields to CertificateSpec:
- `keyAlgorithm`, denotes which algorithm to use when generating
a private key. Can be either `rsa` or `ecdsa`. When not set, the
default algorithm used is `rsa`.
- `keySize`, denotes the key size of the private key being generated.
For `rsa`, minimum key size is 2048 and maximum is 8192.
For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
See https://golang.org/pkg/crypto/elliptic
- `keySize` can be set without being explicit about `keyAlgorithm`.
- If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
be used as the key algorithm.
- `keyAlgorithm` can be set without being explicit about `keySize`.
- If `keyAlgorithm` is specified and `keySize` is not provided,
key size of `256` will be used for `ecdsa` key algorithm and
key size of `2048` will be used for `rsa` key algorithm.
- helper functions in `pki` package now return crypto.PrivateKey
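
The defaulting and size rules in the description above, written out as an added Go example. It is not code from this PR or from cert-manager, and `resolveKeyParams`, `generateKey` and `curves` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// Added example, not cert-manager code: every name below is hypothetical.
// Supported ecdsa sizes from the description, mapped to crypto/elliptic curves.
var curves = map[int]elliptic.Curve{
	224: elliptic.P224(), 256: elliptic.P256(), 384: elliptic.P384(), 521: elliptic.P521(),
}

// resolveKeyParams applies the defaulting rules, then the per-algorithm size check.
func resolveKeyParams(alg string, size int) (string, int, error) {
	if alg == "" {
		alg = "rsa" // keyAlgorithm unset: rsa, even when keySize is given
	}
	if size == 0 {
		size = map[string]int{"rsa": 2048, "ecdsa": 256}[alg] // keySize unset
	}
	rsaOK := alg == "rsa" && size >= 2048 && size <= 8192
	ecdsaOK := alg == "ecdsa" && curves[size] != nil
	if !rsaOK && !ecdsaOK {
		return "", 0, fmt.Errorf("unsupported keyAlgorithm %q with keySize %d", alg, size)
	}
	return alg, size, nil
}

// generateKey returns crypto.PrivateKey, as the description says the pki helpers do.
func generateKey(alg string, size int) (crypto.PrivateKey, error) {
	alg, size, err := resolveKeyParams(alg, size)
	if err != nil {
		return nil, err
	}
	if alg == "ecdsa" {
		return ecdsa.GenerateKey(curves[size], rand.Reader)
	}
	return rsa.GenerateKey(rand.Reader, size)
}

func main() {
	// keySize 256 without keyAlgorithm resolves to rsa and is rejected as too small.
	fmt.Println(resolveKeyParams("", 256))
}
```

Because an unset `keyAlgorithm` always resolves to `rsa`, a spec that sets only an elliptic-curve size such as 256 fails validation instead of silently yielding a weak RSA key.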
cert-manager
cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.
It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.
It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects e.g. kube-cert-manager.
Current status
This project is not yet ready to be a component in a critical production stack; however, it is at a point where it offers comparable features to other projects in the space. If you have a non-critical piece of infrastructure, or are feeling brave, please do try cert-manager and report your experience here in the issue section.
NOTE: currently we provide no guarantees on our API stability. This means
there may be breaking changes that will require changes to all
Issuer/Certificate resources you have already created. We aim to provide a
stable API after a 1.0 release.
Documentation
Documentation for cert-manager can be found at cert-manager.readthedocs.io. Please make sure to select the correct version of the documentation to view on the bottom left of the page.
Troubleshooting
If you encounter any issues whilst using cert-manager, and your issue is not documented, please file an issue.
Community
There is a Google Group used for project-wide announcements and development coordination. Anybody can join the group by visiting here and clicking "Join Group". A Google account is required to join the group.
Once you have become a member, you should receive an invite to the weekly development meeting, hosted on Wednesdays at 4pm UTC on Zoom.us.
Anyone is welcome to join these calls, even if just to ask questions.
Meeting notes are recorded in Google docs.
Contributing
We welcome pull requests with open arms! There's a lot of work to do here, and we're especially concerned with ensuring the longevity and reliability of the project.
Please take a look at our issue tracker if you are unsure where to start with getting involved!
We also use the #cert-manager channel on kubernetes.slack.com for chat relating to the project.
Developer documentation is available in the official documentation.
Changelog
The list of releases is the best place to look for information on changes between releases.
