Open tashian opened 1 year ago
@tashian in addition to starting a basic CA config with Helm, I've now also done an RA. It seems the new way (`step ca init --helm`) doesn't respect all options, so we should fix that in the CLI (and `step-ca`). I had to manually edit the generated `values.yml` to make it work as a `stepcas` authority. You can find some more context about this further down the Discord chat.
It appears that @maraino also thought about this case: https://github.com/smallstep/cli/issues/598 😄
The Helm changes look similar to the things I've recently done for `--acme` and `--remote-management`. I can probably give this a shot soon 🙂
Hi @hslatman, just checking back on this one. I just revisited step-issuer and autocert, so this would be a good time for me to do a cycle on these Helm RA docs. If you think you'll get to this issue soon, then I'll wait. Otherwise, I will go ahead and update the docs based on the current situation and the workaround you mentioned in Discord.
If you don't have to spend hours on changing the docs for the current situation, then I think that's the best option now. It's been a while since I looked at this, so it probably takes a bit to get up steam again and I have some higher priority things scheduled first.
This tutorial is out of date:
https://smallstep.com/docs/registration-authorities/acme-for-certificate-manager#run-a-registration-authority-on-kubernetes
The proper process should be:
https://github.com/smallstep/helm-charts/tree/master/step-certificates#tldr
https://github.com/smallstep/helm-charts/tree/master/step-certificates/examples#registration-authority-connected-to-smallstep-certificate-manager-hosted-certificate-authority
More context in the Discord:
https://discord.com/channels/837031272227930163/841249977699401759/1037518365301940244