signer-ca

command module
v0.0.0-...-e93f448 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 25, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

README

signer-ca

signer-ca is an operator for automatically signing an approved CertificateSigningRequest.

NOTE: This operator is EXPERIMENTAL and requires Kubernetes >= 1.18. It uses Certificates API Enhancements which are only available in Kubernetes >= 1.18.

It watches CertificateSigningRequest (CSR) resources and if the CSR has a .spec.signerName that it recognizes, and if the CSR has been approved, it creates a signed certificate using a certificate-authority file that you supply as a command-line argument to the operator. The signed certificate is configured using the encoded CSR in .spec.request. The signed certificate is added to the .status.certificate of the CSR resource.

Installation

signer-ca can be deployed using kubectl apply -k config/default. See config/e2e for an example of how to make a CA file available to the operator, as a mounted secret.

Build

You can build and deploy signer-ca using make docker-build docker-push deploy-e2e DOCKER_PREFIX=gcr.io/<YOUR_PROJECT>/signer-ca/. See the Makefile for details.

Demo

asciicast

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
api
kubernetes/authority
kubernetes/signer
Package signer implements a CA signer that uses keys stored on local disk.
 Package signer implements a CA signer that uses keys stored on local disk.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.