From 421f5f508fbff856d4ad44c47af24a90ed9226db Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Wed, 20 Sep 2023 18:01:55 +0100 Subject: [PATCH] review comments part 2 Signed-off-by: Ashley Davis --- content/docs/projects/csi-driver.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/docs/projects/csi-driver.md b/content/docs/projects/csi-driver.md index 81823f0ae01..9bd10b2dade 100644 --- a/content/docs/projects/csi-driver.md +++ b/content/docs/projects/csi-driver.md @@ -17,10 +17,16 @@ directly into the pod, with no intermediate Secret being created. - Fewer `Certificate` resources means writing less YAML - Keys and certificates are destroyed when an application terminates - No `Secret` resources needed for storing the certificate means less RBAC +- Great for ephemeral, short-lived certificates which don't need to survive a restart (e.g. certificates for mTLS) + +## Why _not_ use csi-driver? + +- If you need certificates to be persisted through a node restart +- If you need the same certificate to be shared by multiple components ## Installation -You must have a working installation of cert-manager present on your cluster and be running at least Kubernetes v1.16. +You must have a working installation of cert-manager present on your cluster and be running at least Kubernetes `v1.16`. Instructions on how to install cert-manager can be found [on this website](../installation/README.md).