cert-manager support #59
Comments
|
By changing the certificate names to those used by portieris, it is very straightforward to use certificates from cert-manager. |
|
Thankyou for this contribution, would you also be able to submit a PR to keep it inline? |
What are you referring to doing inline? |
|
Sorry I seem to have left out some important words! |
starlingx-github
pushed a commit
to starlingx/portieris-armada-app
that referenced
this issue
Jul 23, 2020
Specifically, these two issues are blocking using portieris app with starlingx: * IBM/portieris#51 * IBM/portieris#59 Once these fixes are included in a published release of portieris, drop this patch and rebase to the latest release. Story: 2007348 Task: 40434 Change-Id: I14d0e5664333c5080440b9fd156c66a317444563 Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
sjhx
added a commit
that referenced
this issue
Aug 19, 2020
* Use cert-manager naming convention for portieris Rename portieris certs from serverCert.pem and serverKey.pem to tls.crt and tls.key, following the naming conventions used by cert-manager. In combination with SkipSecretCreation=true, this allows using cert-manager to generate portieris certs. #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add UseCertManager option to get CA certificate This commit adds an option in the admission webhook, to support getting the CA certificate through injection from the cert-manager webhook, instead of being passed into the helm chart as a file. #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Create certificate by default if UseCertManager #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add optionally using cert-manager to readme #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> Co-authored-by: Stuart Hayton <sjhx@users.noreply.github.com>
tim-gp
pushed a commit
to tim-gp/portieris
that referenced
this issue
Oct 1, 2020
* Use cert-manager naming convention for portieris Rename portieris certs from serverCert.pem and serverKey.pem to tls.crt and tls.key, following the naming conventions used by cert-manager. In combination with SkipSecretCreation=true, this allows using cert-manager to generate portieris certs. IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add UseCertManager option to get CA certificate This commit adds an option in the admission webhook, to support getting the CA certificate through injection from the cert-manager webhook, instead of being passed into the helm chart as a file. IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Create certificate by default if UseCertManager IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add optionally using cert-manager to readme IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> Co-authored-by: Stuart Hayton <sjhx@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Instead of generating the certificates out of band, then injecting them, it would be nice if the helm chart supported asking cert-manager to do that automatically.
Cert-manager even uses this mechanism to register its own webhook. For example, see:
https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/webhook/templates/pki.yaml
The text was updated successfully, but these errors were encountered: