cert-manager-selfservice

command module
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 2, 2022 License: MIT Imports: 1 Imported by: 0

README

cert-manager-selfservice

Conventional Commits GitHub issues

This project aims to utilize a working cert-manager installation to provide certificates outside kubernetes as easy as possible.

Overview

What does cert-manager-selfservice (CMS) offer?

  • Just make an http call to get your certificate, example: http://localhost:8030/cert/your.domain.tld/pem
  • CMS creates certificates ressources automatically
  • CMS keep track when certificates are accessed
  • CMS cleanup certificates not requested in a time

Install

You need a working cert-manager installation and issuer for the domains you want to get certificates.

Simply use the Helm Chart to get started.

Usage

Expose your selfservice by ingress for example, the following examples assume that the selfservice http is reachable under http://selfservice.example.com

Login to the target system that want to use a certificate, create an directory and simply execute the commands:

mkdir /etc/ssl/selfservice
wget -O /etc/ssl/selfservice/service.test.example.com.pem http://selfservice.example.com/cert/service.test.example.com/pem

This will request a certificte for domain service.test.example.com from selfservice, at the very first request for this domain the file under /etc/ssl/selfservice/service.test.example.com.pem will created empty.

This is because cert-manager creating certificates asynchronously the commonly used lets-encrypt certificates will normally take more than one minute to populate.

Selfservice will return HTTP Code 202 until the certificate is ready to use and normal Code 200 when its ready, this means you should check your request for HTTP Code 200.

This example script can be used to get certificates only when ready, this simple call will put the final certificate under /etc/ssl/selfservice/service.test.example.com.pem when ready:

get-certificate.sh http://selfservice.example.com service.test.example.com

If you run it in a cronjob the certificate will automatically renewed regullary.

Development

Testing

The most simplest usage (for testing) would to run cert-manager-selfservice with your local kubeconfig, this can be done by:

./cert-manager-selfservice server --issuer-name your-issuer-to-use

Then you can request a certificate by calling: http://localhost:8030/cert/your.domain.tld/pem

If the certificate not exists a certificate ressource will automatically be created, until there is no valid secret (issued certificate) a HTTP 202 will be returned.

There a also other endpoints like crt, key, ca, json availiable.

Debugger

There a serveral ways to easy start development and using live debugging provided by delve

VSCode integrated Console

The provided launch.json has a debug task Launch File predefined, just hit start and it should run with the args provided in launch.json.

VSCode external Terminal

A more advanced way to test in an external Terminal is provided by the External Debugging launch config and ./debug script:

  1. Execute debug script with arguments as normal: ./debug server --issuer-name your-issuer-to-use
  2. Start the External Debugging session in vscode

Unfortunately the order is importend because vscode does not try to automatically connect after start.

Documentation

Overview

Copyright © 2021 Mario Fritschen <mario@fritschen.net>

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Source Files

View all Source files

Directories

Path Synopsis
internal
cert
cleaner
kube
server
static

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.