kumahq / kuma-website

🐻 The official website for Kuma, the control plane for modern service connectivity.
https://kuma.io
Apache License 2.0

add guide or section on how to use cert-manager driven certs in Kuma #1667

Open lahabana opened 4 months ago

lahabana commented 4 months ago

Description

With https://github.com/kumahq/kuma/pull/9342 it becomes easy to use cert-manager for cp certs.

It would be nice to have a guide for it:

cert manager stuff used:

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kuma-selfsigned-ca
  namespace: kuma-system
spec:
  isCA: true
  commonName: kuma-selfsigned-ca
  secretName: root-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: kuma-issuer
  namespace: kuma-system
spec:
  ca:
    secretName: root-secret
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: control-plane-cert
  namespace: kuma-system
spec:
  secretName: control-plane-cert
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
  dnsNames:
    - kuma-control-plane.kuma-system.svc
    - kuma-control-plane
    - kuma-control-plane.kuma-system
    - kuma-control-plane.kuma-system.svc.local
  issuerRef:
    name: kuma-issuer
    kind: Issuer
```

values:

```yaml
controlPlane:
  tls:
    general:
      secretName: control-plane-cert
```

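
An added example, not part of the issue or of Kuma's code: a pre-deploy lint that checks the wiring between the `control-plane-cert` Certificate, its issuer, and the Helm value above. The specs are copied from the manifests in the issue into plain dicts; the function names and the choice of checks are assumptions of this sketch.

```python
import re

# Specs copied from the manifests in the issue, as plain dicts (no YAML parser needed).
CP_CERT = {
    "namespace": "kuma-system", "secretName": "control-plane-cert",
    "duration": "2160h", "renewBefore": "360h", "isCA": False,
    "usages": ["server auth"],
    "dnsNames": ["kuma-control-plane.kuma-system.svc", "kuma-control-plane",
                 "kuma-control-plane.kuma-system", "kuma-control-plane.kuma-system.svc.local"],
    "issuerRef": {"name": "kuma-issuer", "kind": "Issuer"},
}
# (kind, namespace, name); a ClusterIssuer has no namespace.
ISSUERS = {("Issuer", "kuma-system", "kuma-issuer"), ("ClusterIssuer", None, "selfsigned-issuer")}
HELM_SECRET = "control-plane-cert"  # controlPlane.tls.general.secretName

_UNITS = {"h": 3600, "m": 60, "s": 1}

def go_duration_seconds(text):
    """Parse the Go duration subset seen in these manifests, e.g. '2160h' or '1h30m'."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def lint(cert, issuers, helm_secret, service="kuma-control-plane"):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings = []
    ns = cert["namespace"]
    if cert["secretName"] != helm_secret:
        findings.append("Helm secretName does not match Certificate secretName")
    if cert.get("isCA"):
        findings.append("serving certificate must not be a CA")
    if "server auth" not in cert.get("usages", []):
        findings.append("missing 'server auth' usage")
    if go_duration_seconds(cert["renewBefore"]) >= go_duration_seconds(cert["duration"]):
        findings.append("renewBefore must be shorter than duration")
    ref = cert["issuerRef"]
    # An Issuer is namespaced and must live beside the Certificate; a ClusterIssuer is not.
    key = (ref["kind"], ns if ref["kind"] == "Issuer" else None, ref["name"])
    if key not in issuers:
        findings.append(f"issuerRef {ref['kind']}/{ref['name']} not found for namespace {ns}")
    for name in (service, f"{service}.{ns}", f"{service}.{ns}.svc"):
        if name not in cert["dnsNames"]:
            findings.append(f"dnsNames lacks {name}")
    return findings

if __name__ == "__main__":
    print(lint(CP_CERT, ISSUERS, HELM_SECRET) or "ok")
```
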
github-actions[bot] commented 1 month ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.