Tim Ramlot, cert-manager maintainer, Jetstack
cert-manager is an open source X.509 certificate controller for Kubernetes. It automates certificate issuance for Kubernetes workloads. In this demo, certificates will be used to prove the identity of the Emissary API gateway and to prove the identity of peers in an mTLS Linkerd service mesh. Thanks to cert-manager's Issuer integrations, external CAs like Vault can be used to sign these certificates.
trust-manager is another project led by the cert-manager team. It distributes and manages the trusted CA certificates in a Kubernetes cluster. In this workshop, it is used to make all Kubernetes services trust the CA that is used for Linkerd mTLS, this way we can verify the peer identity in an mTLS connection. Additionally, it can be used to quickly update what public CAs are trusted.
2 апр 2023
