cert-manager / aws-privateca-issuer

Addon for cert-manager that issues certificates using AWS ACM PCA.
Apache License 2.0
192 stars 81 forks

Updated README to include subordinate template for clientAuth #236

Closed weiwarren closed 1 year ago

weiwarren commented 1 year ago

Updated document to be consistent with AWS PCA templates. This is important information for users when using CA issuers in k8s in order to generate certificates for mTLS between pods. https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-varieties

jetstack-bot commented 1 year ago

Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.

:memo: Please follow instructions in the contributing guide to update your commits with the DCO

Full details of the Developer Certificate of Origin can be found at developercertificate.org.

The list of commits missing DCO signoff:

jetstack-bot commented 1 year ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: weiwarren

To complete the pull request process, please assign paramsethi after the PR has been reviewed. You can assign the PR to them by writing /assign @paramsethi in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/cert-manager/aws-privateca-issuer/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

weiwarren commented 1 year ago

/assign @paramsethi

bmsiegel commented 1 year ago

Hi @weiwarren, this README change is actually incorrect. We map the certmanager usageType to a template in a 1:1 fashion (https://github.com/cert-manager/aws-privateca-issuer/blob/main/pkg/aws/pca.go#L204). We have a feature request to support more path lengths here (https://github.com/cert-manager/aws-privateca-issuer/issues/98). Please feel free to reopen or +1 this issue. If you've implemented something for it we're certainly willing to take a look as well!

bmsiegel commented 1 year ago

Closing this PR for now due to no response