Generate cert at startup #293
Comments
@stefanprodan https://github.com/aws/aws-app-mesh-inject/blob/master/gen-cert.sh#L8-L29 But it is still required for customers to send Is my understanding correct?
Yes indeed the apiserver package doesn't deal with cert approval, cert-manager has a nice utility called cainjector that automates that part without any scripts.
@stefanprodan I have just done some preliminary work with cert manager which handles the entire cert lifecycle. I also added the yaml to kustomize. I will submit a PR with the changes to the manifests, and the README. If the team wants to fall back on the cert-manager as the solution of choice for admission controllers?
I think it would be great to have an alternative to Helm that doesn't involve bash scripts. In the Helm installer the cert is handled like this https://github.com/aws/eks-charts/blob/master/stable/appmesh-inject/templates/_helpers.tpl#L59 If we could have a
closing this as both cert-manager/bash script is supported in GA version |
To simplify the install, if no cert is provided by the user, the admission controller could generate a self-signed cert at startup with MaybeDefaultWithSelfSignedCerts https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/server/options/serving.go#L271

Here is an example https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go#L108
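The fallback proposed in this issue, sketched as an added example that is not code from this project or from the thread: it uses only the Go standard library rather than the apiserver helper `MaybeDefaultWithSelfSignedCerts`. The function name `servingCert` and the service and namespace names `inject-svc` and `inject-ns` are hypothetical placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// servingCert loads the user-supplied key pair when both paths are set; otherwise it
// generates a self-signed pair for the Service and returns its PEM as the CA bundle.
func servingCert(certFile, keyFile, svc, ns string) (tls.Certificate, []byte, error) {
	if certFile != "" && keyFile != "" {
		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
		return cert, nil, err // a bad path is an error, never a silent fallback
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	host := svc + "." + ns + ".svc" // name the API server dials for a Service webhook
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{svc, svc + "." + ns, host},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed: the cert is its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, caPEM, nil
}

func main() {
	if _, _, err := servingCert("", "", "inject-svc", "inject-ns"); err != nil {
		panic(err)
	}
}
```

The API server only trusts this certificate if the returned PEM is placed in the webhook configuration's `caBundle`. A pair generated in memory changes on every restart, so that field has to be updated each time the pod starts.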