Werbot
trust-manager
Werbot | trust-manager | |
---|---|---|
1 | 2 | |
80 | 221 | |
- | 4.1% | |
8.0 | 9.2 | |
10 days ago | about 16 hours ago | |
Go | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Werbot
-
Werbot VS trasa - a user suggested alternative
2 projects | 9 Apr 2024
trust-manager
-
What if your Pods need to trust self-signed certificates?
Plug (but it's open source and free!): We've been trying to address this in Kubernetes with trust-manager. [1] Trust bundles need to be a runtime concern and they need to support trusting both the old a new version of a cert to safely allow for rotation. It's pretty simple but it seems to work well!
trust-manager also supports pulling in the Mozilla trust bundle which most Linux distros (and therefore most containers) use!
Handling trust of private [2] certificates is done poorly generally across many orgs and platforms, not just Kubernetes. There are lots of ways of shooting yourself in the foot - particularly when it comes to rotating CA certificates. I think there's a lot of space here for new solutions here!
[1] https://cert-manager.io/docs/projects/trust-manager/
[2] I try to avoid "self-signed" in this use case because its literal meaning is that the certificate signs itself using its own key, which is what root certificates do. The Let's Encrypt ISRG X1 root certificate is self-signed but it's definitely not what I'd call a 'private CA'; see https://letsencrypt.org/certificates/
What are some alternatives?
ssl-proxy - :lock: Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
ca-injector - Painlessly use off-the-shelf images (and your own) in your k8s cluster, with custom root CAs.
certmagic - Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
kubernetes-replicator - Kubernetes controller for synchronizing secrets & config maps across namespaces
docker-compose-stack - Use docker-compose and watchtower to self-deploy and auto-update a stack
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS