csi-driver

csi-driver is a Container Storage Interface (CSI) driver plugin for Kubernetes to work along cert-manager. The goal for this plugin is to facilitate requesting and mounting certificate key pairs to pods seamlessly. This is useful for facilitating mTLS, or otherwise securing connections of pods with guaranteed present certificates whilst having all of the features that cert-manager provides.

Why a CSI Driver?

Ensure private keys never leave the node and are never sent over the network. All private keys are stored locally on the node.
Unique key and certificate per application replica with a grantee to be present on application run time.
Reduce resource management overhead by defining certificate request spec in-line of the Kubernetes Pod template.
Automatic renewal of certificates based on expiry of each individual certificate.
Keys and certificates are destroyed during application termination.
Scope for extending plugin behaviour with visibility on each replica's certificate request and termination.

Documentation

Please follow the documentation at cert-manager.io for installing and using csi-driver.

About

A Kubernetes CSI plugin to automatically mount signed certificates to Pods using ephemeral volumes

https://cert-manager.io

Apache License 2.0

Languages

Language:Go 89.0%Language:Shell 4.2%Language:Python 4.1%Language:Makefile 1.7%Language:Dockerfile 0.6%Language:Mustache 0.5%