Is the --also-generate-pkcs8-key option available for this app?

cockroachdb / k8s

Images and utilities to run cockroach on kubernetes

Apache License 2.0

26 stars 25 forks source link

Is the --also-generate-pkcs8-key option available for this app? #20

Open mmosttler opened 5 years ago

mmosttler commented 5 years ago

I believe that for my java app running in kubernetes I need a pkcs8 formatted key. Is --also-generate-pkcs8-key argument available for this request certificate job?

https://www.cockroachlabs.com/docs/v19.1/create-security-certificates.html#general

kannanlakshmi commented 5 years ago

cc @mberhault

mberhault commented 5 years ago

Unfortunately not. Until it is, you can convert the key using openssl after the request-cert job has finished running. Specifically:

openssl pkcs8 -topk8 -inform PEM -outform DER -in client.maxroach.key -out client.maxroach.pk8 -nocrypt

mmosttler commented 5 years ago

I was able to use the openssl temporarily. To do so I had to add an additional initContainer to my pod to run the openssl command on the acquired certificates. The reason i had to use an additional init container was that the request cert init container does not include openssl. So for this workaround I used the cockroach (client?) container image.

Is there a timeline for getting the pkcs8 param added to the request-cert?