openshift / service-serving-cert-signer

Archiving in favor of https://github.com/openshift/service-ca-operator
Apache License 2.0

add controller for syncing apiservice ca bundles #9

Closed deads2k closed 6 years ago

deads2k commented 6 years ago

Has API changes required for config types, but is otherwise ready to review.

Adds a managed controller that will set the CABundle for APIServices that have the "service.alpha.openshift.io/inject-cabundle" annotation set to "true".

oc cluster up --kube-only
oc auth reconcile -f install/serving-cert-signer/install-rbac.yaml
oc create -f manifests/v3.10.0/service-serving-cert-signer-controller/clusterrole.yaml
oc create -f manifests/v3.10.0/service-serving-cert-signer-controller/clusterrolebinding.yaml
oc create -f manifests/v3.10.0/apiservice-cabundle-controller/clusterrole.yaml
oc create -f manifests/v3.10.0/apiservice-cabundle-controller/clusterrolebinding.yaml
oc apply -f install/serving-cert-signer/install.yaml

/assign @mfojtik

After this, I think I'm going to go back and clean up some required function in the operator for rotating the secrets and configmaps.
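The opt-in behaviour described in the comment above, as an added example that is not code from this PR: the `APIService` struct, `SyncCABundles`, `IsCertPEM` and `SampleBundle` are hypothetical stand-ins, and the PEM sanity check before injection is an assumption of this sketch rather than something the PR describes.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
)

// Annotation key taken from the PR description; the required value is "true".
const injectAnnotation = "service.alpha.openshift.io/inject-cabundle"

// APIService is a hypothetical stand-in carrying only the fields used here.
type APIService struct {
	Name        string
	Annotations map[string]string
	CABundle    []byte
}

// SampleBundle is constructed: a PEM block with placeholder bytes, not a real CA.
var SampleBundle = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed")})

// IsCertPEM reports whether b decodes fully into one or more CERTIFICATE PEM blocks.
func IsCertPEM(b []byte) bool {
	n := 0
	for len(bytes.TrimSpace(b)) > 0 {
		blk, rest := pem.Decode(b)
		if blk == nil || blk.Type != "CERTIFICATE" {
			return false
		}
		n, b = n+1, rest
	}
	return n > 0
}

// SyncCABundles writes ca into each opted-in APIService whose bundle differs; returns changed names.
func SyncCABundles(svcs []*APIService, ca []byte) ([]string, error) {
	if !IsCertPEM(ca) { // assumption: never overwrite trust with an empty or malformed bundle
		return nil, fmt.Errorf("refusing to inject: CA bundle is not PEM certificates")
	}
	var changed []string
	for _, s := range svcs {
		if s.Annotations[injectAnnotation] != "true" || bytes.Equal(s.CABundle, ca) {
			continue // not opted in, or already current (avoids needless updates)
		}
		s.CABundle = append([]byte(nil), ca...)
		changed = append(changed, s.Name)
	}
	return changed, nil
}

func main() {
	svcs := []*APIService{{Name: "v1.example", Annotations: map[string]string{injectAnnotation: "true"}}}
	fmt.Println(SyncCABundles(svcs, SampleBundle))
}
```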

deads2k commented 6 years ago

@julienbalestra @pmorie @sttts I think this is the combination of controllers you guys all wanted. I've got one more to write for configmaps. Then work around health checks and suiciding on content change for rotation.

deads2k commented 6 years ago

@tamalsaha I know you use aggregated API servers. This repo is one that you may want to take advantage of eventually.