The cert-manager project has a number of satellite projects that extend the project's functionality, and complement the core cert-manager feature-set.
These tools help with security, compliance and control.
- istio-csr: Secure Istio service mesh with istio-csr which is an agent that allows for Istio workload and control plane components to be secured using cert-manager.
- approver-policy: a cert-manager approver that will automatically approve or deny certificate requests based on defined policy.
- csi-driver: a Container Storage Interface (CSI) driver plugin for Kubernetes to work along cert-manager. The goal for this plugin is to seamlessly request and mount certificate key pairs to pods. This is useful for facilitating mTLS, or otherwise securing connections of pods with guaranteed present certificates whilst having all of the features that cert-manager provides.
- csi-driver-spiffe: another CSI driver plugin to work along cert-manager. This CSI driver transparently delivers SPIFFE SVIDs in the form of X.509 certificate key pairs to mounting Kubernetes Pods. The end result is all and any Pod running in Kubernetes can securely request their SPIFFE identity document from a Trust Domain with minimal configuration.
- trust-manager: an operator to distribute trust bundles, like CA certificates, across a Kubernetes cluster.
- trust-manager API reference: full documentation of the trust-manager CRD(s)