tutorial: trust-manager distributing public CAs in k8s #1212

Merged: 7 commits, Jun 21, 2023

hawksight (Member) commented Apr 14, 2023

Based on some internal Jetstack documentation, I've created a public version demonstrating how to manage and enforce public trust (CAs) in Kubernetes. This was discussed with @maelvls at Jetstack.

I originally had a private CA added, but thought that most people would start with public CAs. Needing a private CA adds another step or blocker for people trying this tutorial, so it's all based on public CAs at the moment.

This version was rewritten from a version that originally used trust-manager v0.2.0. So this now uses the useDefaultCAs: true option.

I might have to do some tweaks on the formatting and markdown syntax, so PR's in draft to get a preview URL.

@jetstack-bot added the do-not-merge/work-in-progress, dco-signoff: no and size/XL labels Apr 14, 2023
@jetstack-bot added the dco-signoff: yes label and removed the dco-signoff: no label Apr 14, 2023

netlify bot commented Apr 14, 2023

Deploy Preview for cert-manager-website ready!

Name Link
🔨 Latest commit 67a501a
🔍 Latest deploy log https://app.netlify.com/sites/cert-manager-website/deploys/6492ba3b2afb8c0007312ae8
😎 Deploy Preview https://deploy-preview-1212--cert-manager-website.netlify.app

@jetstack-bot added the needs-rebase label May 16, 2023
@hawksight changed the title from "feat: Trust manager tutorial" to "feat: Trust manager public trust tutorial" Jun 19, 2023

maelvls (Member) commented Jun 19, 2023

/cc @maelvls

@jetstack-bot removed the needs-rebase label Jun 19, 2023
@hawksight changed the title from "feat: Trust manager public trust tutorial" to "tutorial: trust-manager distributing public CAs in k8s" Jun 19, 2023
@hawksight marked this pull request as ready for review June 19, 2023 17:34
@jetstack-bot removed the do-not-merge/work-in-progress label Jun 19, 2023

hawksight (Member, Author) commented Jun 19, 2023

@maelvls - as discussed I have checked over @aidy's comments and made a couple tweaks. Now ready to review :)

@aidy thank you for the review 👍 - you were correct on all counts

hawksight (Member, Author) commented

/cc @SgtCoDFish

SgtCoDFish (Member) left a comment

Really love this, it's so good! Only a couple of suggestions from me - what do you think?

Signed-off-by: Peter Fiddes <peter.fiddes@jetstack.io>
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>

SgtCoDFish (Member) left a comment

Just one last nitpick from me but after that I'm happy to merge this!

content/docs/manifest.json (outdated, resolved)

Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>

hawksight (Member, Author) commented

@SgtCoDFish - yep, good suggestions, it should be as consistent as possible 👍 Those are corrected now 🤞

SgtCoDFish (Member) left a comment

/lgtm
/approve

This is a big improvement - thanks so much 😁

@jetstack-bot added the lgtm label Jun 21, 2023

jetstack-bot (Contributor) commented

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hawksight, SgtCoDFish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot added the approved label Jun 21, 2023
@jetstack-bot merged commit 64db4cd into cert-manager:master Jun 21, 2023
4 checks passed
@hawksight deleted the pf/public-trust branch June 21, 2023 11:37