外部¶

cert-manager 支持外部Issuer类型。 虽然外部颁发者没有在主证书管理器存储库中实现，但它们在其他方面与任何其他颁发者相同。

外部发行者通常部署为一个 pod，它被配置为监视集群中CertificateRequest源，这些源的issuerRef与发行者的名称匹配。 外部发行者存在于cert-manager.io组之外。

每个发行者的安装可能不同;请查看每个外部发行者的文档，以获得有关安装、配置和使用它的更多详细信息。

已知的外部发行人¶

如果您已经创建了一个想要共享的外部发行者，提出一个 Pull Request将它添加到这里!

众所周知，这些外部发行人支持并尊重批准.

• kms-issuer: 请求使用AWS KMS非对称密钥签名的证书。
• aws-privateca-issuer: Requests certificates from AWS Private Certificate Authority for cloud native/hybrid environments.
• google-cas-issuer: Used to request certificates signed by private CAs managed by the Google Cloud Certificate Authority Service.
• origin-ca-issuer: Used to request certificates signed by Cloudflare Origin CA to enable TLS between Cloudflare edge and your Kubernetes workloads.
• step-issuer: Requests certificates from the Smallstep Certificate Authority server.
• freeipa-issuer: Requests certificates signed by FreeIPA.
• ADCS Issuer: Requests certificates signed by Microsoft Active Directory Certificate Service. [NOT MAINTAINED]
• CFSSL Issuer: Request certificates signed by a CFSSL multirootca instance.
• ncm-issuer: Requests certificates from the Nokia Netguard Certificate Manager
• tcs-issuer Requests certificates signed securely using Intel's SGX technology.

建立新的外部发行人¶

如果您对构建一个新的外部发行方感兴趣，请查看开发文档.