-
Notifications
You must be signed in to change notification settings - Fork 342
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
replace external issuers page with list of ALL issuers, also add rank…
…s to indicate the quality of issuers and to incentivise issuers to contribute to cert-manager Signed-off-by: Tim Ramlot <[email protected]>
- Loading branch information
Showing
5 changed files
with
209 additions
and
118 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
--- | ||
title: Issuers | ||
description: 'cert-manager configuration: Issuers' | ||
--- | ||
|
||
The following list contains all known cert-manager issuer integrations. | ||
|
||
<div className="rotate"> | ||
| Tier | Controller | Docs | Issuer | cert-manager<br/>version used<br/>in tutorial[^2] | Released within<br/>3 months[^3] | Is Open Source | Supports and<br/>honors approval | | ||
|------|------------|------|--------|--------|--------|--------|--------| | ||
| 🏅[^1] | venafi-enhanced-issuer | [📄][config:venafi-enhanced-issuer] | [Venafi TLS Protect](https://venafi.com/tls-protect/) | [v1.12.1][production:venafi-enhanced-issuer] | [✔️][release:venafi-enhanced-issuer] | ❌ | ✔️ | | ||
| 🥇 | acme-issuer (in-tree) | [📄][config:acme-issuer] | [ACME](https://datatracker.ietf.org/doc/html/rfc8555) | [latest][production:acme-issuer] | [✔️][release:cert-manager] | ✔️ | ✔️ | | ||
| 🥈 | aws-privateca-issuer | [📄][config:aws-privateca-issuer] | [AWS Private Certificate Authority](https://aws.amazon.com/certificate-manager/private-certificate-authority/) | - | [✔️][release:aws-privateca-issuer] | ✔️ | ✔️ | | ||
| 🥈 | vault-issuer (in-tree) | [📄][config:vault-issuer] | [Hashicorp Vault](https://www.vaultproject.io/) | - | [✔️][release:cert-manager] | ✔️ | ✔️ | | ||
| 🥈 | venafi-issuer (in-tree) | [📄][config:venafi-issuer] | [Venafi TLS Protect](https://venafi.com/tls-protect/) | - | [✔️][release:cert-manager] | ✔️ | ✔️ | | ||
| 🥈 | selfsigned-issuer (in-tree) | [📄][config:selfsigned-issuer] | Self-Signed issuer | - | [✔️][release:cert-manager] | ✔️ | ✔️ | | ||
| 🥈 | ca-issuer (in-tree) | [📄][config:ca-issuer] | CA issuer | - | [✔️][release:cert-manager] | ✔️ | ✔️ | | ||
| 🥈 | step-issuer | [📄][config:step-issuer] | [Certificate Authority server](https://github.com/smallstep/certificates) | - | [✔️][release:step-issuer] | ✔️ | ✔️ | | ||
| 🥈 | ncm-issuer | [📄][config:ncm-issuer] | [Nokia Netguard Certificate Manager](https://www.nokia.com/networks/security-portfolio/netguard/certificate-manager) | - | [✔️][release:ncm-issuer] | ✔️ | ✔️ | | ||
| 🥈 | tcs-issuer | [📄][config:tcs-issuer] | [Intel's SGX technology](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html) | - | [✔️][release:tcs-issuer] | ✔️ | ✔️ | | ||
| 🥈 | google-cas-issuer | [📄][config:google-cas-issuer] | [Google Cloud Certificate<br/>Authority Service](https://cloud.google.com/certificate-authority-service/) | - | [✔️][release:google-cas-issuer] | ✔️ | ✔️ | | ||
| 🥉 | ejbca-issuer | [📄][config:ejbca-issuer] | [EJBCA](https://www.ejbca.org/) | - | [❌][release:ejbca-issuer] | ✔️ | ✔️ | | ||
| 🥉 | origin-ca-issuer | [📄][config:origin-ca-issuer] | [Cloudflare Origin CA](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca) | - | [❌][release:origin-ca-issuer] | ✔️ | ✔️ | | ||
| 🥉 | kms-issuer | [📄][config:kms-issuer] | [AWS KMS](https://aws.amazon.com/kms/) | - | [❌][release:kms-issuer] | ✔️ | ✔️ | | ||
| 🥉 | freeipa-issuer | [📄][config:freeipa-issuer] | [FreeIPA](https://www.freeipa.org) | - | [❌][release:freeipa-issuer] | ✔️ | ✔️ | | ||
| 🥉 | adcs-issuer | [📄][config:adcs-issuer] | [Microsoft Active Directory<br/>Certificate Service](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority) | - | [❌][release:adcs-issuer] | ✔️ | ✔️ | | ||
| 🥉 | cfssl-issuer | [📄][config:cfssl-issuer] | [CFSSL](https://github.com/cloudflare/cfssl) | - | [❌][release:cfssl-issuer] | ✔️ | ✔️ | | ||
</div> | ||
|
||
[production:venafi-enhanced-issuer]: https://platform.jetstack.io/documentation/academy/issue-and-approve-certificates-with-venafi-control-plane | ||
[production:acme-issuer]: ../tutorials/getting-started-aks-letsencrypt/README.md | ||
|
||
[//]: # (Configuration docs) | ||
|
||
[config:venafi-enhanced-issuer]: https://platform.jetstack.io/documentation/configuration/venafi-enhanced-issuer | ||
[config:acme-issuer]: ./acme.md | ||
|
||
[config:aws-privateca-issuer]: https://github.com/cert-manager/aws-privateca-issuer | ||
[config:selfsigned-issuer]: ./selfsigned.md | ||
[config:ca-issuer]: ./ca.md | ||
[config:vault-issuer]: ./vault.md | ||
[config:venafi-issuer]: ./venafi.md | ||
[config:step-issuer]: https://github.com/smallstep/step-issuer | ||
[config:origin-ca-issuer]: https://github.com/cloudflare/origin-ca-issuer | ||
[config:ncm-issuer]: https://github.com/nokia/ncm-issuer | ||
[config:tcs-issuer]: https://github.com/intel/trusted-certificate-issuer | ||
[config:ejbca-issuer]: https://github.com/Keyfactor/ejbca-cert-manager-issuer | ||
[config:google-cas-issuer]: https://github.com/jetstack/google-cas-issuer | ||
|
||
[config:kms-issuer]: https://github.com/Skyscanner/kms-issuer | ||
[config:freeipa-issuer]: https://github.com/guilhem/freeipa-issuer | ||
[config:adcs-issuer]: https://github.com/nokia/adcs-issuer | ||
[config:cfssl-issuer]: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/software/cfssl-issuer | ||
|
||
[//]: # (Release pages) | ||
|
||
[release:venafi-enhanced-issuer]: https://platform.jetstack.io/documentation/installation/venafi-enhanced-issuer/ | ||
[release:cert-manager]: ../releases/README.md | ||
|
||
[release:aws-privateca-issuer]: https://github.com/cert-manager/aws-privateca-issuer/releases | ||
[release:step-issuer]: https://github.com/smallstep/step-issuer/releases | ||
[release:origin-ca-issuer]: https://github.com/cloudflare/origin-ca-issuer/releases | ||
[release:ncm-issuer]: https://github.com/nokia/ncm-issuer/releases | ||
[release:tcs-issuer]: https://github.com/intel/trusted-certificate-issuer/releases | ||
[release:ejbca-issuer]: https://github.com/Keyfactor/ejbca-cert-manager-issuer/releases | ||
[release:google-cas-issuer]: https://github.com/jetstack/google-cas-issuer/releases | ||
|
||
[release:kms-issuer]: https://github.com/Skyscanner/kms-issuer/releases | ||
[release:freeipa-issuer]: https://github.com/guilhem/freeipa-issuer/releases | ||
[release:adcs-issuer]: https://github.com/nokia/adcs-issuer/releases | ||
[release:cfssl-issuer]: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/software/cfssl-issuer/+refs | ||
|
||
If you've created an issuer which you'd like to share, | ||
[raise a Pull Request](https://github.com/cert-manager/website/pulls) to have it added here! | ||
|
||
These issuers are known to support and honor [approval](https://cert-manager.io/docs/concepts/certificaterequest/#approval). | ||
|
||
## Building New External Issuers | ||
|
||
If you're interested in building a new external issuer, check the [development documentation](../contributing/external-issuers.md). | ||
|
||
## Issuer Tier system | ||
|
||
The cert-manager project has a tier system for issuers. This is to help users | ||
understand the maturity of the issuer. | ||
The tiers are 🥇, 🥈 and 🥉. | ||
|
||
Additionally, there is a special tier 🏅 for issuers that are vouched for by | ||
an active cert-manager reviewer. The aim is to encourage issuer creators to also | ||
contribute back to the cert-manager project. | ||
|
||
NOTE: The cert-manager maintainers can decide to change the criteria and number | ||
of tiers at any time. | ||
|
||
### 🏅 Tier (Sponsor Production-ready) | ||
|
||
- 🥇 Tier criteria. | ||
- [^1] A cert-manager active reviewer (see [GOVERNANCE document](https://github.com/cert-manager/community/blob/main/GOVERNANCE.md)) "vouches" for the issuer. | ||
Each active reviewer can only vouch for one issuer at a time. | ||
|
||
### 🥇 Tier (Production-ready) | ||
|
||
- 🥈 Tier criteria. | ||
- The issuer has an end-to-end tutorial on how to set it up with cert-manager for use in production. | ||
At the time of checking all tutorials[^2], the used cert-manager version has to be non-EOL (see [Supported Releases](../releases/README.md)) | ||
|
||
### 🥈 Tier (Maintained) | ||
|
||
- The issuer has had a release in the last 3 months (at the time of checking all issuers[^3]). | ||
|
||
### 🥉 Tier (Unmaintained) | ||
|
||
Other | ||
|
||
[^1]: venafi-enhanced-issuer: vouched for by [@inteon](https://github.com/inteon) | ||
[^2]: checked on 12th of October 2023 | ||
[^3]: checked on 12th of October 2023 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters