Skip to content

docs: update cluster-proxy blog post to use kind cluster's root CA for TLS certificates #531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 21, 2025
Merged

docs: update cluster-proxy blog post to use kind cluster's root CA for TLS certificates #531

merged 1 commit into from
Nov 21, 2025

Conversation

@xuezhaojun
Copy link
Member

@xuezhaojun xuezhaojun commented Nov 21, 2025

Summary

Updated the cluster-proxy blog post to use kind cluster's root CA for TLS certificate signing instead of creating a self-signed CA. This approach provides several benefits:

  • All pods and services in the kind cluster automatically trust the certificates without requiring additional CA certificate mounting
  • Simplified certificate management by leveraging the cluster's existing CA infrastructure
  • More practical and realistic setup that mirrors production Kubernetes deployments

Changes

  • Replaced self-signed CA issuer and certificate with kind cluster's root CA
  • Extracted CA certificate and key from kind cluster configuration
  • Updated cert-manager Issuer to use the kind CA
  • Simplified the overall TLS setup process

Test Plan

  • Verify the blog post markdown is syntactically correct
  • Confirm the kubectl commands extract kind cluster CA properly
  • Check that cert-manager Issuer references the correct secret
  • Verify certificate DNS names remain comprehensive for service access

@xuezhaojun
docs: update cluster-proxy blog post to use kind cluster's root CA fo…
88fd483 
…r TLS certificates

Replace self-signed CA with kind cluster's root CA to allow all pods and services
in the kind cluster to automatically trust cluster-proxy certificates without
additional CA certificate mounting.

Signed-off-by: xuezhaojun <zxue@redhat.com>
@openshift-ci openshift-ci bot requested a review from dhaiducek November 21, 2025 03:36
@netlify
Copy link

netlify bot commented Nov 21, 2025
edited
Loading

Deploy Preview for open-cluster-management ready!

Name Link
🔨 Latest commit 88fd483
🔍 Latest deploy log https://app.netlify.com/projects/open-cluster-management/deploys/691fde2ce4d02e00078a28c4
😎 Deploy Preview https://deploy-preview-531--open-cluster-management.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@openshift-ci openshift-ci bot requested a review from qiujian16 November 21, 2025 03:36
@xuezhaojun
Copy link
Member Author

xuezhaojun commented Nov 21, 2025

/assign @haoqing0110

@haoqing0110
Copy link
Member

haoqing0110 commented Nov 21, 2025

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Nov 21, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 21, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haoqing0110, xuezhaojun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 556ecd2 into open-cluster-management-io:main Nov 21, 2025
7 checks passed
@xuezhaojun xuezhaojun deleted the docs/cluster-proxy-use-kind-ca branch November 21, 2025 03:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhaiducek dhaiducek Awaiting requested review from dhaiducek

@qiujian16 qiujian16 Awaiting requested review from qiujian16

Assignees

@haoqing0110 haoqing0110

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xuezhaojun @haoqing0110