Rewrite the overview and how-it-works sections in the README #26

@maelvls

I am quite confused by the "overview" and "how it works" sections that we copied over from the marketing Google Doc and are now at the top of our README.md. The descriptions feel blurry from a developer standpoint.

First, the overview section:

  • we talk about machine identities without really explaining what these are in the context of this Marketplace solution: people know about X.509 certificates, about the TLS and SSH protocols. Venafi defines machine identities as being "keys and certificates";

    • Can we specify what machine identities are? Something like:

      In the context of a Kubernetes cluster relying on cert-manager to issue certificates, machine identities are the X.509 certificates and RSA keys that workloads rely on to serve encrypted traffic.

  • the focus seems to be on Jetstack Secure but I struggle to understand what Jetstack Secure is by reading this paragraph:

    • Regarding the purpose of Jetstack Secure, I would simply say:

      The Jetstack Secure UI helps you visualize the state of your X.509 TLS certificates and set up alerts in order to avoid missing certificate renewals. The Jetstack Secure agent runs as a deployment in your cluster and feeds the certificate status information to the Jetstack Secure UI.

Overview

Jetstack Secure runs inside the Kubernetes clusters and provides higher levels of control and management around machine identity protection. It exists to solve real enterprise problems from a lack of control and visibility of machine identities and how they map to the organisation's cloud infrastructure. As workloads start to scale, the need for machine identity management grows.

Jetstack Secure is built on top of cert-manager and uses native integration with the Kubernetes API to secure workloads between clusters and nodes to protect from outside malicious intent, and provide real-time visual status on cluster integrity. cert-manager has become the de facto solution for issuing and renewing certificates from popular public and private certificate issuers. Platform operators can provide fast and easy self-service to development teams, whilst maintaining control and protection at all times.

Key benefits of Jetstack Secure:

  • Builds a detailed view of the security posture using a management UI to monitor and manage the TLS certificates assigned to each cluster
  • Integrates natively with Kubernetes and OpenShift
  • Automates the full X.509 certificate lifecycle
  • Prevents certificate-related outages and security breaches
  • Modern declarative "as code" configuration and automation
  • Ensures workloads comply with corporate security best practice
  • Enforces security through continuous monitoring of machine identities

Secondly, the how-it-works section does not really talk about cert-manager; it seems to only talk about how the Jetstack Secure agent works:

How it works

A lightweight agent is installed to clusters to observe the status and health of machine identities, including those that have been manually created by developers. The web based management interface gives visibility of these identities and the context such as pod, namespace and cluster, to quickly identify and troubleshoot misconfigurations that risk operational and security posture. As the infrastructure scales, Jetstack Secure provides a rich set of additional tools and support capabilities to give more effective overall management of clusters.

cc @RiichardCC @james-w

Labels: documentation (Improvements or additions to documentation)