-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cert-manager support #59
Comments
By changing the certificate names to those used by portieris, it is very straightforward to use certificates from cert-manager. |
Thankyou for this contribution, would you also be able to submit a PR to keep it inline? |
What are you referring to doing inline? |
Sorry I seem to have left out some important words! |
Specifically, these two issues are blocking using portieris app with starlingx: * IBM/portieris#51 * IBM/portieris#59 Once these fixes are included in a published release of portieris, drop this patch and rebase to the latest release. Story: 2007348 Task: 40434 Change-Id: I14d0e5664333c5080440b9fd156c66a317444563 Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
* Use cert-manager naming convention for portieris Rename portieris certs from serverCert.pem and serverKey.pem to tls.crt and tls.key, following the naming conventions used by cert-manager. In combination with SkipSecretCreation=true, this allows using cert-manager to generate portieris certs. #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add UseCertManager option to get CA certificate This commit adds an option in the admission webhook, to support getting the CA certificate through injection from the cert-manager webhook, instead of being passed into the helm chart as a file. #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Create certificate by default if UseCertManager #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add optionally using cert-manager to readme #59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> Co-authored-by: Stuart Hayton <sjhx@users.noreply.github.com>
* Use cert-manager naming convention for portieris Rename portieris certs from serverCert.pem and serverKey.pem to tls.crt and tls.key, following the naming conventions used by cert-manager. In combination with SkipSecretCreation=true, this allows using cert-manager to generate portieris certs. IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add UseCertManager option to get CA certificate This commit adds an option in the admission webhook, to support getting the CA certificate through injection from the cert-manager webhook, instead of being passed into the helm chart as a file. IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Create certificate by default if UseCertManager IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> * Add optionally using cert-manager to readme IBM#59 Signed-off-by: Joseph Richard <joseph.richard@windriver.com> Co-authored-by: Stuart Hayton <sjhx@users.noreply.github.com>
Instead of generating the certificates out of band, then injecting them, it would be nice if the helm chart supported asking cert-manager to do that automatically.
Cert-manager even uses this mechanism to register its own webhook. For example, see:
https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/webhook/templates/pki.yaml
The text was updated successfully, but these errors were encountered: