gardener / cert-management

Manages TLS certificates in Kubernetes clusters using custom resources
Apache License 2.0

Self signed issuer #228

Open RaphaelVogel opened 1 month ago

RaphaelVogel commented 1 month ago

What this PR does / why we need it: Creating a self-signed certificate was already possible using a CA issuer. Using this approach, you need to manually create a self-signed certificate using openssl, create a secret out of it, and reference this secret in your CA issuer.

To simplify this manual process, a new issuer of type selfSigned is created, which creates a self-signed certificate.

In addition, two features are added:

  1. The certificate resource can now define a duration (lifetime of the certificate). This field may be ignored by the issuer (especially Let's Encrypt).
  2. Specifying a csr is now possible with issuers of type selfSigned and ca.

Which issue(s) this PR fixes: Fixes #

Special notes for your reviewer:

Release note:
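
As an added illustration (not code from this PR or from cert-management), the Go sketch below shows what issuing a self-signed certificate with a requested duration involves, which is the step that otherwise has to be done by hand with openssl. The helper name `selfSign`, the common name and the 90-day duration are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSign is a hypothetical helper: it creates a fresh ECDSA P-256 key and a
// CA certificate signed by that same key, valid for the requested duration.
func selfSign(commonName string, duration time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	notBefore := time.Now().UTC().Truncate(time.Second)
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(duration), // requested lifetime
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	// Template and parent are the same object, so issuer == subject.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := selfSign("example.internal", 90*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(cert.NotAfter.Sub(cert.NotBefore), cert.CheckSignatureFrom(cert) == nil)
}
```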

gardener-prow[bot] commented 1 month ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

gardener-prow[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

Once this PR has been reviewed and has the lgtm label, please ask for approval from martinweindel. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/gardener/cert-management/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

gardener-ci-robot commented 3 weeks ago

The Gardener project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:

You can:

/lifecycle stale

MartinWeindel commented 3 weeks ago

/remove-lifecycle stale

gardener-ci-robot commented 1 week ago

The Gardener project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:

You can:

/lifecycle stale

MartinWeindel commented 1 week ago

/remove-lifecycle stale