Skip to content

Commit

Permalink
replace external issuers page with list of ALL issuers, also add rank…
Browse files Browse the repository at this point in the history
…s to indicate the quality of issuers and to incentivise issuers to contribute to cert-manager

Signed-off-by: Tim Ramlot <[email protected]>
  • Loading branch information
inteon committed Oct 12, 2023
1 parent 6f721df commit ffb7f48
Show file tree
Hide file tree
Showing 5 changed files with 209 additions and 118 deletions.
52 changes: 0 additions & 52 deletions content/docs/configuration/external.md

This file was deleted.

117 changes: 117 additions & 0 deletions content/docs/configuration/issuers.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
---
title: Issuers
description: 'cert-manager configuration: Issuers'
---

The following list contains all known cert-manager issuer integrations.

<div className="rotate">
| Tier | Controller | Docs | Issuer | cert-manager<br/>version used<br/>in tutorial[^2] | Released within<br/>3 months[^3] | Is Open Source | Supports and<br/>honors approval |
|------|------------|------|--------|--------|--------|--------|--------|
| 🏅[^1] | venafi-enhanced-issuer | [📄][config:venafi-enhanced-issuer] | [Venafi TLS Protect](https://venafi.com/tls-protect/) | [v1.12.1][production:venafi-enhanced-issuer] | [✔️][release:venafi-enhanced-issuer] || ✔️ |
| 🥇 | acme-issuer (in-tree) | [📄][config:acme-issuer] | [ACME](https://datatracker.ietf.org/doc/html/rfc8555) | [latest][production:acme-issuer] | [✔️][release:cert-manager] | ✔️ | ✔️ |
| 🥈 | aws-privateca-issuer | [📄][config:aws-privateca-issuer] | [AWS Private Certificate Authority](https://aws.amazon.com/certificate-manager/private-certificate-authority/) | - | [✔️][release:aws-privateca-issuer] | ✔️ | ✔️ |
| 🥈 | vault-issuer (in-tree) | [📄][config:vault-issuer] | [Hashicorp Vault](https://www.vaultproject.io/) | - | [✔️][release:cert-manager] | ✔️ | ✔️ |
| 🥈 | venafi-issuer (in-tree) | [📄][config:venafi-issuer] | [Venafi TLS Protect](https://venafi.com/tls-protect/) | - | [✔️][release:cert-manager] | ✔️ | ✔️ |
| 🥈 | selfsigned-issuer (in-tree) | [📄][config:selfsigned-issuer] | Self-Signed issuer | - | [✔️][release:cert-manager] | ✔️ | ✔️ |
| 🥈 | ca-issuer (in-tree) | [📄][config:ca-issuer] | CA issuer | - | [✔️][release:cert-manager] | ✔️ | ✔️ |
| 🥈 | step-issuer | [📄][config:step-issuer] | [Certificate Authority server](https://github.com/smallstep/certificates) | - | [✔️][release:step-issuer] | ✔️ | ✔️ |
| 🥈 | ncm-issuer | [📄][config:ncm-issuer] | [Nokia Netguard Certificate Manager](https://www.nokia.com/networks/security-portfolio/netguard/certificate-manager) | - | [✔️][release:ncm-issuer] | ✔️ | ✔️ |
| 🥈 | tcs-issuer | [📄][config:tcs-issuer] | [Intel's SGX technology](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html) | - | [✔️][release:tcs-issuer] | ✔️ | ✔️ |
| 🥈 | google-cas-issuer | [📄][config:google-cas-issuer] | [Google Cloud Certificate<br/>Authority Service](https://cloud.google.com/certificate-authority-service/) | - | [✔️][release:google-cas-issuer] | ✔️ | ✔️ |
| 🥉 | ejbca-issuer | [📄][config:ejbca-issuer] | [EJBCA](https://www.ejbca.org/) | - | [][release:ejbca-issuer] | ✔️ | ✔️ |
| 🥉 | origin-ca-issuer | [📄][config:origin-ca-issuer] | [Cloudflare Origin CA](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca) | - | [][release:origin-ca-issuer] | ✔️ | ✔️ |
| 🥉 | kms-issuer | [📄][config:kms-issuer] | [AWS KMS](https://aws.amazon.com/kms/) | - | [][release:kms-issuer] | ✔️ | ✔️ |
| 🥉 | freeipa-issuer | [📄][config:freeipa-issuer] | [FreeIPA](https://www.freeipa.org) | - | [][release:freeipa-issuer] | ✔️ | ✔️ |
| 🥉 | adcs-issuer | [📄][config:adcs-issuer] | [Microsoft Active Directory<br/>Certificate Service](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority) | - | [][release:adcs-issuer] | ✔️ | ✔️ |
| 🥉 | cfssl-issuer | [📄][config:cfssl-issuer] | [CFSSL](https://github.com/cloudflare/cfssl) | - | [][release:cfssl-issuer] | ✔️ | ✔️ |
</div>

[production:venafi-enhanced-issuer]: https://platform.jetstack.io/documentation/academy/issue-and-approve-certificates-with-venafi-control-plane
[production:acme-issuer]: ../tutorials/getting-started-aks-letsencrypt/README.md

[//]: # (Configuration docs)

[config:venafi-enhanced-issuer]: https://platform.jetstack.io/documentation/configuration/venafi-enhanced-issuer
[config:acme-issuer]: ./acme.md

[config:aws-privateca-issuer]: https://github.com/cert-manager/aws-privateca-issuer
[config:selfsigned-issuer]: ./selfsigned.md
[config:ca-issuer]: ./ca.md
[config:vault-issuer]: ./vault.md
[config:venafi-issuer]: ./venafi.md
[config:step-issuer]: https://github.com/smallstep/step-issuer
[config:origin-ca-issuer]: https://github.com/cloudflare/origin-ca-issuer
[config:ncm-issuer]: https://github.com/nokia/ncm-issuer
[config:tcs-issuer]: https://github.com/intel/trusted-certificate-issuer
[config:ejbca-issuer]: https://github.com/Keyfactor/ejbca-cert-manager-issuer
[config:google-cas-issuer]: https://github.com/jetstack/google-cas-issuer

[config:kms-issuer]: https://github.com/Skyscanner/kms-issuer
[config:freeipa-issuer]: https://github.com/guilhem/freeipa-issuer
[config:adcs-issuer]: https://github.com/nokia/adcs-issuer
[config:cfssl-issuer]: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/software/cfssl-issuer

[//]: # (Release pages)

[release:venafi-enhanced-issuer]: https://platform.jetstack.io/documentation/installation/venafi-enhanced-issuer/
[release:cert-manager]: ../releases/README.md

[release:aws-privateca-issuer]: https://github.com/cert-manager/aws-privateca-issuer/releases
[release:step-issuer]: https://github.com/smallstep/step-issuer/releases
[release:origin-ca-issuer]: https://github.com/cloudflare/origin-ca-issuer/releases
[release:ncm-issuer]: https://github.com/nokia/ncm-issuer/releases
[release:tcs-issuer]: https://github.com/intel/trusted-certificate-issuer/releases
[release:ejbca-issuer]: https://github.com/Keyfactor/ejbca-cert-manager-issuer/releases
[release:google-cas-issuer]: https://github.com/jetstack/google-cas-issuer/releases

[release:kms-issuer]: https://github.com/Skyscanner/kms-issuer/releases
[release:freeipa-issuer]: https://github.com/guilhem/freeipa-issuer/releases
[release:adcs-issuer]: https://github.com/nokia/adcs-issuer/releases
[release:cfssl-issuer]: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/software/cfssl-issuer/+refs

If you've created an issuer which you'd like to share,
[raise a Pull Request](https://github.com/cert-manager/website/pulls) to have it added here!

These issuers are known to support and honor [approval](https://cert-manager.io/docs/concepts/certificaterequest/#approval).

## Building New External Issuers

If you're interested in building a new external issuer, check the [development documentation](../contributing/external-issuers.md).

## Issuer Tier system

The cert-manager project has a tier system for issuers. This is to help users
understand the maturity of the issuer.
The tiers are 🥇, 🥈 and 🥉.

Additionally, there is a special tier 🏅 for issuers that are vouched for by
an active cert-manager reviewer. The aim is to encourage issuer creators to also
contribute back to the cert-manager project.

NOTE: The cert-manager maintainers can decide to change the criteria and number
of tiers at any time.

### 🏅 Tier (Sponsor Production-ready)

- 🥇 Tier criteria.
- [^1] A cert-manager active reviewer (see [GOVERNANCE document](https://github.com/cert-manager/community/blob/main/GOVERNANCE.md)) "vouches" for the issuer.
Each active reviewer can only vouch for one issuer at a time.

### 🥇 Tier (Production-ready)

- 🥈 Tier criteria.
- The issuer has an end-to-end tutorial on how to set it up with cert-manager for use in production.
At the time of checking all tutorials[^2], the used cert-manager version has to be non-EOL (see [Supported Releases](../releases/README.md))

### 🥈 Tier (Maintained)

- The issuer has had a release in the last 3 months (at the time of checking all issuers[^3]).

### 🥉 Tier (Unmaintained)

Other

[^1]: venafi-enhanced-issuer: vouched for by [@inteon](https://github.com/inteon)
[^2]: checked on 12th of October 2023
[^3]: checked on 12th of October 2023
137 changes: 71 additions & 66 deletions content/docs/manifest.json
Original file line number Diff line number Diff line change
Expand Up @@ -315,87 +315,92 @@
"path": "/docs/configuration/README.md"
},
{
"title": "SelfSigned",
"path": "/docs/configuration/selfsigned.md"
"title": "Issuers",
"path": "/docs/configuration/issuers.md"
},
{
"title": "CA",
"path": "/docs/configuration/ca.md"
},
{
"title": "Vault",
"path": "/docs/configuration/vault.md"
},
{
"title": "Venafi",
"path": "/docs/configuration/venafi.md"
},
{
"title": "External",
"path": "/docs/configuration/external.md"
},
{
"title": "ACME",
"title": "In-tree Issuer Config",
"routes": [
{
"title": "Introduction",
"path": "/docs/configuration/acme/README.md"
"title": "SelfSigned",
"path": "/docs/configuration/selfsigned.md"
},
{
"title": "HTTP01",
"routes": [
{
"title": "Introduction",
"path": "/docs/configuration/acme/http01/README.md"
},
{
"title": "External Load Balancer",
"path": "/docs/configuration/acme/http01/externalloadbalancer.md"
}
]
"title": "CA",
"path": "/docs/configuration/ca.md"
},
{
"title": "Vault",
"path": "/docs/configuration/vault.md"
},
{
"title": "Venafi",
"path": "/docs/configuration/venafi.md"
},
{
"title": "DNS01",
"title": "ACME",
"routes": [
{
"title": "Introduction",
"path": "/docs/configuration/acme/dns01/README.md"
},
{
"title": "ACMEDNS",
"path": "/docs/configuration/acme/dns01/acme-dns.md"
},
{
"title": "Akamai",
"path": "/docs/configuration/acme/dns01/akamai.md"
},
{
"title": "AzureDNS",
"path": "/docs/configuration/acme/dns01/azuredns.md"
},
{
"title": "Cloudflare",
"path": "/docs/configuration/acme/dns01/cloudflare.md"
},
{
"title": "DigitalOcean",
"path": "/docs/configuration/acme/dns01/digitalocean.md"
},
{
"title": "Google CloudDNS",
"path": "/docs/configuration/acme/dns01/google.md"
},
{
"title": "RFC-2136",
"path": "/docs/configuration/acme/dns01/rfc2136.md"
"path": "/docs/configuration/acme/README.md"
},
{
"title": "Route53",
"path": "/docs/configuration/acme/dns01/route53.md"
"title": "HTTP01",
"routes": [
{
"title": "Introduction",
"path": "/docs/configuration/acme/http01/README.md"
},
{
"title": "External Load Balancer",
"path": "/docs/configuration/acme/http01/externalloadbalancer.md"
}
]
},
{
"title": "Webhook",
"path": "/docs/configuration/acme/dns01/webhook.md"
"title": "DNS01",
"routes": [
{
"title": "Introduction",
"path": "/docs/configuration/acme/dns01/README.md"
},
{
"title": "ACMEDNS",
"path": "/docs/configuration/acme/dns01/acme-dns.md"
},
{
"title": "Akamai",
"path": "/docs/configuration/acme/dns01/akamai.md"
},
{
"title": "AzureDNS",
"path": "/docs/configuration/acme/dns01/azuredns.md"
},
{
"title": "Cloudflare",
"path": "/docs/configuration/acme/dns01/cloudflare.md"
},
{
"title": "DigitalOcean",
"path": "/docs/configuration/acme/dns01/digitalocean.md"
},
{
"title": "Google CloudDNS",
"path": "/docs/configuration/acme/dns01/google.md"
},
{
"title": "RFC-2136",
"path": "/docs/configuration/acme/dns01/rfc2136.md"
},
{
"title": "Route53",
"path": "/docs/configuration/acme/dns01/route53.md"
},
{
"title": "Webhook",
"path": "/docs/configuration/acme/dns01/webhook.md"
}
]
}
]
}
Expand Down
3 changes: 3 additions & 0 deletions public/_redirects
Original file line number Diff line number Diff line change
Expand Up @@ -218,3 +218,6 @@ https://docs.cert-manager.io/* https://cert-manager.io/docs/:splat 302!

# Moved the concept pages into the main website
/docs/concepts/certificaterequest/ /docs/usage/certificaterequest/ 301!

# Moved the external issuer section to the main issuers page
/docs/configuration/external/ /docs/configuration/issuers/ 301!
18 changes: 18 additions & 0 deletions styles/global.scss
Original file line number Diff line number Diff line change
Expand Up @@ -151,3 +151,21 @@ a.hidden-link {
.DocSearch-SearchBar {
margin-bottom: 5px;
}

div.rotate th:nth-child(5),th:nth-child(6),th:nth-child(7),th:nth-child(8) {
writing-mode: tb-rl;
transform: rotate(180deg);
padding-top: 1.3em;
padding-bottom: 0;
line-height: 1.2em;
text-align: left;
vertical-align: middle;
}

div.rotate th:nth-child(1),th:nth-child(3),td:nth-child(1),td:nth-child(3),td:nth-child(5),td:nth-child(6),td:nth-child(7),td:nth-child(8) {
text-align: center;
}

div.rotate td:last-child {
padding-right: 0.5714286em !important;
}

0 comments on commit ffb7f48

Please sign in to comment.