@@ -7,16 +7,17 @@ description: |
77
88cert-manager creates TLS certificates for workloads in your Kubernetes or OpenShift cluster
99and renews the certificates before they expire.
10- The private key and certificate are stored in Kubernetes Secrets and used by applications or ingress controllers.
1110
12- With the [ csi-driver] ( projects/csi-driver.md ) , [ csi-driver-spiffe] ( projects/csi-driver-spiffe.md ) , or [ istio-csr] ( projects/istio-csr.md ) addons,
13- the private key is generated on-demand, before the application starts up;
14- the private key never leaves the node and it is not stored a Kubernetes Secret.
15-
16- cert-manager can obtain certificates from a variety of certificate authorities, including:
11+ cert-manager can obtain certificates from a [ variety of certificate authorities] ( configuration/issuers.md ) , including:
1712[ Let's Encrypt] ( configuration/acme/README.md ) , [ HashiCorp Vault] ( configuration/vault.md ) ,
1813[ Venafi] ( configuration/venafi.md ) and [ private PKI] ( configuration/ca.md ) .
1914
15+ With cert-manager's [ Certificate resource] ( usage/certificate.md ) , the private key and certificate are stored in a Kubernetes Secret
16+ which is mounted by an application Pod or used by an Ingress controller.
17+ With [ csi-driver] ( usage/csi-driver.md ) , [ csi-driver-spiffe] ( usage/csi-driver-spiffe.md ) , or [ istio-csr] ( usage/istio-csr.md ) ,
18+ the private key is generated on-demand, before the application starts up;
19+ the private key never leaves the node and it is not stored a Kubernetes Secret.
20+
2021![ High level overview diagram explaining cert-manager architecture] ( /images/high-level-overview.svg )
2122
2223This website provides the full technical documentation for the project, and can be
0 commit comments