Comments (1)
onelapahead
commented on June 27, 2024
https://cert-manager.io/docs/usage/csi-driver/#why-use-csi-driver could be alternative for the use case of:
The same cert-manager installation is then used for dynamically provisioning mTLS Certificates for various internal microservices from an internal CA. Instances of the microservices may come and go, and so their Certificates are deleted as they are. But over time Secrets are then accumulating in Namespaces and require scripting / automating their cleanup to avoid etcd storage issues, affecting Secret watchers, etc. Enabling the CLI option for cert-manager could solve this, but then the Ingress Certificates would also be automatically cleaned up which is undesirable.
depending on the specifics.
Though, yet-another CSI driver on a cluster has a few extra downsides IMO:
- Another
DaemonSetmeans more processes and if you have to set resource requests / limits you might be eating memory / CPU reservation space on your machines (thought requests of 0 might be fine). - If you are a writing an operator that integrates with cert-manager, you added another component dependency on your operator users. Daemon components require extra scrutiny from enterprise platform and security teams, and might be a blocker for operator installation.
from cert-manager.
Related Issues (20)
- Solver pod returns 404 error during http01 challenge HOT 5
- v1.12.X release Infinite loop with 2 certs with different keystore settings HOT 4
- Report the use of components with vulnerabilities in cert-manager HOT 3
- I don't understand the purpose of the new tests.
- Confusing messaging when certificate secret name already exist HOT 1
- Optionally write ca.crt to ConfigMap
- Support testing on Kubernetes v1.30 HOT 1
- Feature Request: Add support to set future date as notBefore when requesting for certificate HOT 5
- Regular expression file missing HOT 1
- RFC2136 provider sending wrong domain to DNS server HOT 1
- Email address ignored by cert-manager when its creates CSR
- certificate chain is malformed HOT 3
- 1.14.5 recreated all my certs as the same secret
- Add more certificate information into prometheus metrics HOT 1
- i want to install cert manager for deploying self hosted runners in Azure kubernetes is it okay if i add below repo is it safe or can you give me any other alternative other than this HOT 1
- cainjector ConfigMap isn't mounted on cainjector's deployment
- Customize and control time of order retry execution
- Bug in E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager
- Cert Manager Helm Chart: Unnecessary RBAC permissions HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cert-manager.