certificate-operator

module

v0.1.0 Latest Latest Go to latest Published: May 27, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dana-team/certificate-operator

Links

Open Source Insights

README ¶

certificate-operator

A Kubernetes operator designed to manage Certificate resources by interfacing with the Cert API.

It automates the process of obtaining and renewing TLS certificates from Cert and managing them as Kubernetes secrets.

Features

TLS Secret creation: Automatically creates a secret of type tls in the requested name and namespace. The tls.crt and tls.key are extracted from the Certificate obtained from Cert.
Automatic Certificate Renewal: Automatically renews TLS Certificates before they expire, ensuring continuous security for your applications.

Resources

Certificate

Manages specifications for creating certificates.
Contains details about the certificate's validity period (validFrom and validTo) and the current state of the certificate.
Provides insights into the certificate's signature hash algorithm, and GUID.

Note: The fields in the Spec are all optional, not all have to be specified.

apiVersion: cert.dana.io/v1alpha1
kind: Certificate
metadata:
  name: certificate-sample
spec:
  certificateData:
    subject:
      commonName: "example"
      country: "ex"
      state: "example"
      locality: "example"
      organization: "example"
      organizationUnit: "example"
    san:
      dns:
        - "www.example.com"
      ips:
        - "192.168.1.1"
    template: "default"
    form: pfx
  configRef: 
    name: "certificateconfig-sample"
  secretName: my-secret-new

CertificateConfig

Stores configuration details required for interacting with the external Cert API service.
Specifies settings such as daysBeforeRenewal and waitTimeout, which affect interaction with the external Cert API.

apiVersion: cert.dana.io/v1alpha1
kind: CertificateConfig
metadata:
  name: certificateconfig-sample
spec:
  secretRef:
    name: cert-credentials
    namespace: default
  daysBeforeRenewal: 7
  waitTimeout: 5m

The Secret has a single key - credentials and contains a json with the needed keys, as specified below:

apiVersion: v1
kind: Secret
metadata:
  name: cert-credentials
  namespace: default
type: Opaque
stringData:
  credentials: |
    {
      "apiEndpoint": "https://cert.com/cert-route/",
      "token": "jwt-token",
      "downloadEndpoint": "/down"
    }

Getting Started

Prerequisites

A Kubernetes cluster (you can use KinD).

$ make prereq

Deploying the controller

$ make deploy IMG=ghcr.io/dana-team/certificate-operator:<release>

Build your own image

$ make docker-build docker-push IMG=<registry>/certificate-operator:<tag>

Directories ¶

Path	Synopsis
api
v1alpha1 Package v1alpha1 contains API Schema definitions for the v1alpha1 API group +kubebuilder:object:generate=true +groupName=cert.dana.io	Package v1alpha1 contains API Schema definitions for the v1alpha1 API group +kubebuilder:object:generate=true +groupName=cert.dana.io
cmd
internal
certhandler
clients/cert
clients/http
common
controller
jsonutil

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL