trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.

guntiskarulis/trust-manager

This branch is 87 commits behind cert-manager/trust-manager:main.

trust-manager

trust-manager is the easiest way to manage trust bundles in Kubernetes and OpenShift clusters!

It takes a list of trusted certificates which you specify and combines them into a bundle which you can trust directly in your applications.

Supported sources include a public trust bundle similar to what you get from your Operating System.

Installation instructions and API reference documentation are available on the cert-manager website.

Demo

If you've got Docker installed and you just want to play with trust-manager as soon as possible, we provide a demo command to quickly get a Kind cluster running trust-manager.

First, clone the repo then run make demo:

git clone --single-branch https://github.com/cert-manager/trust-manager trust-manager
cd trust-manager
make demo
# kubeconfig is in ./bin/kubeconfig.yaml
# kind cluster is called "trust"

The demo installation uses Helm, and roughly matches what you'd get by installing trust-manager into your own cluster using Helm - although it uses locally-built images rather than the ones we publish publicly.

Example Bundle

The simplest useful Bundle to start with is likely to be one using default CAs, which are available from trust-manager 0.4.0+.

This default CA package is based on Debian's ca-certificates package, and so matches what you'd expect to see in a Debian container or VM.

apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: trust-manager-bundle
spec:
  sources:
  - useDefaultCAs: true
  target:
    configMap:
      key: "bundle.pem"

This Bundle will lead to a ConfigMap called trust-manager-bundle containing the default CAs being created in all namespaces, ready to be mounted and used by your applications.

Your ConfigMap will automatically be updated if you change your bundle, too - so to update it, simply update your Bundle!
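One way an application could consume the mounted bundle, shown as an added example (not code from the trust-manager project): a strict loader that rejects the bundle if it contains anything other than parseable certificates, then builds a TLS config that trusts only that bundle. The function name `LoadBundle` and the mount path `/etc/trust/bundle.pem` are assumptions; only the key name `bundle.pem` comes from the Bundle above.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"log"
	"os"
)

// LoadBundle builds a CertPool from a PEM trust bundle and fails closed,
// unlike CertPool.AppendCertsFromPEM, which silently skips unusable blocks.
func LoadBundle(pemData []byte) (*x509.CertPool, int, error) {
	pool, n := x509.NewCertPool(), 0
	block, rest := pem.Decode(pemData)
	for ; block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			return nil, 0, fmt.Errorf("unexpected PEM block %q in trust bundle", block.Type)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, 0, fmt.Errorf("certificate #%d: %w", n+1, err)
		}
		pool.AddCert(cert)
		n++
	}
	if n == 0 || len(bytes.TrimSpace(rest)) != 0 {
		return nil, 0, fmt.Errorf("empty bundle or trailing non-PEM data (%d certificates parsed)", n)
	}
	return pool, n, nil
}

func main() {
	// Assumed mount path; the Bundle above only fixes the key name "bundle.pem".
	data, err := os.ReadFile("/etc/trust/bundle.pem")
	if err != nil {
		log.Fatal(err)
	}
	pool, n, err := LoadBundle(data)
	if err != nil {
		log.Fatal(err)
	}
	// Trust only the distributed bundle, not the image's system roots.
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	fmt.Printf("trusting %d certificates, minimum TLS version %#x\n", n, cfg.MinVersion)
}
```

Because the ConfigMap is updated in place when the Bundle changes, a long-running process has to re-read the file to pick up new roots; this example loads it once at startup.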

For more details see the trust-manager documentation.
