Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow CA issuers to generate their own secrets #2479

Closed
jroper opened this issue Dec 18, 2019 · 9 comments
Closed

Allow CA issuers to generate their own secrets #2479

jroper opened this issue Dec 18, 2019 · 9 comments
Labels
area/ca Indicates a PR directly modifies the CA Issuer code kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@jroper
Copy link

jroper commented Dec 18, 2019

Is your feature request related to a problem? Please describe.
Currently, when creating a CA issuer, you have to manually generate a self signed cert for it (if that's what you want to use).

Describe the solution you'd like
Add an option to CA issuers to generate a self signed cert if its configured secret doesn't yet exist.

Additional context
If combined with #2478, CA issuers could be made to auto rotate their certificates when they are nearing expiration.
@retest-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

@jetstack-bot jetstack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 17, 2020
@retest-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

@jetstack-bot jetstack-bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 16, 2020
@meyskens
Copy link
Contributor

/kind feature
/priority important-long-term
/remove-lifecycle stale

In meantime you can use this as an alternative bu using the SelfSigned Issuer to create the CA cert for you:

---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: ca
spec:
  secretName: ca
  commonName: ca
  isCA: true
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: ca-issuer
spec:
  ca:
    secretName: ca

@jetstack-bot jetstack-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 24, 2020
@jetstack-bot
Copy link
Collaborator

@meyskens: The label(s) priority/important-long-term cannot be applied, because the repository doesn't have them

In response to this:

/kind feature
/priority important-long-term
/remove-lifecycle stale

In meantime you can use this as an alternative bu using the SelfSigned Issuer to create the CA cert for you:

---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
 name: selfsigned-issuer
spec:
 selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
 name: ca
spec:
 secretName: ca
 commonName: ca
 isCA: true
 issuerRef:
   name: selfsigned-issuer
   kind: Issuer
   group: cert-manager.io
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
 name: ca-issuer
spec:
 ca:
   secretName: ca

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@meyskens meyskens added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Apr 24, 2020
@meyskens
Copy link
Contributor

/remove-lifecycle rotten

@jetstack-bot jetstack-bot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Apr 24, 2020
@meyskens meyskens added the area/ca Indicates a PR directly modifies the CA Issuer code label Apr 24, 2020
@jetstack-bot
Copy link
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

@jetstack-bot jetstack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 15, 2021
@jetstack-bot
Copy link
Collaborator

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

@jetstack-bot jetstack-bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 15, 2021
@jetstack-bot
Copy link
Collaborator

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

@jetstack-bot
Copy link
Collaborator

@jetstack-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ca Indicates a PR directly modifies the CA Issuer code kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jroper @meyskens @jetstack-bot @retest-bot