add guide or section on how to use cert-manager driven certs in Kuma #1667

Open
lahabana opened this issue Feb 23, 2024 · 1 comment
Labels
kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it

Comments


lahabana commented Feb 23, 2024

Description

With kumahq/kuma#9342 it becomes easy to use cert-manager for cp certs.

It would be nice to have a guide for it:

cert manager stuff used:

```yaml
# Bootstrap issuer: only used to self-sign the CA certificate below.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
# Self-signed CA; its key pair is stored in the root-secret Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kuma-selfsigned-ca
  namespace: kuma-system
spec:
  isCA: true
  commonName: kuma-selfsigned-ca
  secretName: root-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
# Namespaced CA issuer that signs with the key pair in root-secret.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: kuma-issuer
  namespace: kuma-system
spec:
  ca:
    secretName: root-secret
---
# Leaf server certificate for the control plane, written to the
# control-plane-cert Secret that the Helm values reference.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: control-plane-cert
  namespace: kuma-system
spec:
  secretName: control-plane-cert
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
  dnsNames:
    - kuma-control-plane.kuma-system.svc
    - kuma-control-plane
    - kuma-control-plane.kuma-system
    - kuma-control-plane.kuma-system.svc.local
  issuerRef:
    name: kuma-issuer
    kind: Issuer
```

values:

```yaml
controlPlane:
  tls:
    general:
      secretName: control-plane-cert
```
@lahabana lahabana added triage/pending This issue will be looked at on the next triage meeting kind/feature New feature labels Feb 23, 2024
@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Feb 26, 2024
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label May 27, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lukidzi lukidzi removed the triage/stale Inactive for some time. It will be triaged again label May 27, 2024