Add docs on selfsigned Issuer

docs/index.rst

@@ -9,7 +9,7 @@ Welcome to cert-manager's documentation!
 
 cert-manager is a native Kubernetes_ certificate management controller.
 It can help with issuing certificates from a variety of sources, such as
-`Let's Encrypt`_, `HashiCorp Vault`_ or a simple signing keypair.
+`Let's Encrypt`_, `HashiCorp Vault`_, a simple signing keypair, or self signed.
 
 It will ensure certificates are valid and up to date, and attempt to renew
 certificates at a configured time before expiry.

docs/reference/issuers.rst

@@ -117,18 +117,20 @@ Supported Issuer types
 cert-manager has been designed to support pluggable Issuer backends. The
 currently supported Issuer types are:
 
-===================================   =========================================
-Name                                  Description
-===================================   =========================================
-:doc:`ACME <issuers/acme/index>`      Supports obtaining certificates from an
-                                      ACME server, validating with HTTP01 or
-                                      DNS01
-:doc:`CA <issuers/ca/index>`          Supports issuing certificates using a
-                                      simple signing keypair, stored in a Secret
-                                      in the Kubernetes API server
-:doc:`Vault <issuers/vault/index>`    Supports issuing certificates using
-                                      HashiCorp Vault.
-===================================   =========================================
++-----------------------------------------------+----------------------------------------------------------------------+
+| Name                                          | Description                                                          |
++===============================================+======================================================================+
+| :doc:`ACME <issuers/acme/index>`              | Supports obtaining certificates from an ACME server, validating with |
+|                                               | HTTP01 or DNS01                                                      |
++-----------------------------------------------+----------------------------------------------------------------------+
+| :doc:`CA <issuers/ca/index>`                  | Supports issuing certificates using a simple signing keypair, stored |
+|                                               | in a Secret in the Kubernetes API server                             |
++-----------------------------------------------+----------------------------------------------------------------------+
+| :doc:`Vault <issuers/vault/index>`            | Supports issuing certificates using HashiCorp Vault.                 |
++-----------------------------------------------+----------------------------------------------------------------------+
+| :doc:`Self signed <issuers/selfsigned/index>` | Supports issuing self signed Certificates                            |
++-----------------------------------------------+----------------------------------------------------------------------+
+
 
 Each Issuer resource is of one, and only one type. The type of an Issuer is
 inferred by which field it specifies in its spec, such as ``spec.acme``

docs/reference/issuers/selfsigned/index.rst

@@ -0,0 +1,48 @@
+=========================
+Self-signed Configuration
+=========================
+
+.. toctree::
+   :maxdepth: 1
+
+Self signed Issuers will issue self signed certificates.
+
+This is useful when building PKI within Kubernetes, or as a means to generate a
+root CA for use with the :doc:`CA Issuer </reference/issuers/ca/index>` once
+cert-manager supports setting the ``isCA`` flag on Certificate resources
+(`#85`_).
+
+A self-signed Issuer contains no additional configuration fields, and can be
+created with a resource like so:
+
+.. code-block:: yaml
+
+   apiVersion: certmanager.k8s.io/v1alpha1
+   kind: ClusterIssuer
+   metadata:
+     name: selfsigning-issuer
+   spec:
+     selfSigned: {}
+
+.. note::
+   The presence of the ``selfSigned: {}`` line is enough to indicate that this Issuer
+   is of type 'self signed'.
+
+Once created, you should be able to Issue certificates like normal by
+referencing the newly created Issuer in your ``issuerRef``:
+
+.. code-block:: yaml
+
+   apiVersion: certmanager.k8s.io/v1alpha1
+   kind: Certificate
+   metadata:
+     name: example-crt
+   spec:
+     secretName: my-selfsigned-cert
+     dnsNames:
+     - example.com
+     issuerRef:
+       name: selfsigning-issuer
+       kind: ClusterIssuer
+
+.. _`#85`: https://github.com/jetstack/cert-manager/issues/85