Make K8s cert-manager compatible #3

Merged
merged 4 commits into from
Oct 4, 2023

@lloesche lloesche commented Oct 4, 2023

Description

With this PR, FIX CA supports K8s cert-manager style certificate issuers.

Example Issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: fix-ca-issuer
  namespace: cert-manager
spec:
  ca:
    secretName: fix-ca

Example Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: lukas-test-cert
  namespace: fix
spec:
  secretName: lukas-test
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  commonName: lukas.test
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
    - client auth
  dnsNames:
    - redis.fix
  issuerRef:
    name: fix-ca-issuer
    group: cert-manager.io
    kind: ClusterIssuer

This PR also introduces a /ca/generate endpoint that creates a key and certificate signed by the CA. Clients with a valid JWT can access them through this endpoint. This should only be used if the client cannot produce their own key material and if they do not use the K8s Certificate CRD.

Code of Conduct

By submitting this pull request, I agree to follow the code of conduct.

@lloesche lloesche requested a review from aquamatthias as a code owner October 4, 2023 10:59
@lloesche lloesche merged commit 4f884c1 into main Oct 4, 2023
3 checks passed
@lloesche lloesche deleted the lloesche/certmanager branch October 4, 2023 13:09
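
A way to check that a certificate issued through the `fix-ca-issuer` example above chains to the CA and matches the Certificate spec. This is an added example, not code from this PR or the project; `has_field`, `check_leaf` and `make_sample` are hypothetical helper names, and the CA and leaf it runs on are constructed locally with `openssl` as throwaway test material.

```shell
#!/usr/bin/env bash
# Added example. In a cluster the two inputs come from the Secret that
# cert-manager writes for the Certificate, e.g.:
#   kubectl -n fix get secret lukas-test -o jsonpath='{.data.tls\.crt}' | base64 -d > leaf.crt
#   kubectl -n fix get secret lukas-test -o jsonpath='{.data.ca\.crt}'  | base64 -d > ca.crt

# has_field TEXT VALUE: true if VALUE is exactly one comma- or line-separated field of TEXT.
# Exact matching avoids accepting "DNS:redis.fix.example" when "DNS:redis.fix" is expected.
has_field() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qxF "$2"
}

# check_leaf CA_PEM LEAF_PEM DNS_NAME: prints "ok" and returns 0 only if the leaf
# verifies against the CA and carries the SAN, usages and key size from the spec.
check_leaf() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "chain: does not verify"; return 1; }
  cl_text=$(openssl x509 -in "$2" -noout -text) || return 1
  has_field "$cl_text" "DNS:$3" || { echo "SAN DNS:$3 missing"; return 1; }
  has_field "$cl_text" "TLS Web Server Authentication" || { echo "server auth missing"; return 1; }
  has_field "$cl_text" "TLS Web Client Authentication" || { echo "client auth missing"; return 1; }
  printf '%s\n' "$cl_text" | grep -qF "Public-Key: (2048 bit)" || { echo "key is not 2048 bit"; return 1; }
  echo "ok"
}

# make_sample DIR: constructed throwaway CA plus a leaf shaped like the example
# Certificate (CN lukas.test, SAN redis.fix, server and client auth, RSA 2048, 90 days).
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=lukas.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:redis.fix\nextendedKeyUsage=serverAuth,clientAuth\n' > "$1/ext.cnf"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -days 90 -extfile "$1/ext.cnf" -out "$1/leaf.crt" 2>/dev/null
}

# Stand-alone run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" && check_leaf "$demo_dir/ca.crt" "$demo_dir/leaf.crt" redis.fix
rm -rf "$demo_dir"
```
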