From a9f7510640b6c7dc830611da4d66172f9119a8a8 Mon Sep 17 00:00:00 2001 From: Mike Malone Date: Thu, 17 Jan 2019 16:20:56 -0800 Subject: [PATCH] readme cleanup --- autocert/README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/autocert/README.md b/autocert/README.md index 5e14b5fd..60c2e357 100644 --- a/autocert/README.md +++ b/autocert/README.md @@ -1,10 +1,20 @@ -AUTOCERT LOGO (see external-dns) +# Autocert Autocert issues X.509 certificates from your own internal certificate authority and auto-mounts them in kubernetes containers so services can use TLS. Autocert is a kubernetes add-on that integrates with `step certificates` to automatically issue X.509 certificates and mount them in your containers. It also automatically renews certificates before they expire. -Diagram / Video +## Key Features + + * A complete public key infrastructure that you control for your kubernetes clusters + * Certificate authority that's easy to initialize and install + * Automatic injection of certificates and keys in annotated containers + * Enable on a per-namespace basis + * Namespaced installation to restrict access to privileged CA and provisioner containers + * Ability to run subordinate to an existing public key infrastructure + * Supports federatation with other roots + +## What are these certificates good for? Autocert certificates let you secure your data plane (service-to-service) communication using mutual TLS (mTLS). Services and proxies can limit access to clients that also have a certificate issued by your certificate authority (CA). Servers can identify which client is connecting improving visibility and enabling granular access control.