kubecert

module
v0.0.0-...-8c03b57 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 18, 2024 License: Apache-2.0

README

Kubecert

Go Report Card

A Kubernetes controller that automates the generation of self-signed TLS certificates for applications, simplifying the deployment process and ensuring secure communication. kubecert kubernetes controller continuously watches and reconciles Certificate custom resource to generate kubenetes native Secret resource using provided specifications. The Secret is expected to contain a tls.crt and a tls.key file which are actually a self-signed certificate and private key.

It is a requirement to install cert-manager prior to installing kubecert controller. Cert-manager is used to inject self-signed certificates for controller manager webhook server. Use the following command to install cert-manager using helm CLI.

helm repo add jetstack https://charts.jetstack.io --force-update
helm install \
          cert-manager jetstack/cert-manager \
          --namespace cert-manager \
          --create-namespace \
          --version v1.15.3 \
          --set crds.enabled=true

You can also install the cert-manager release manifest using kubectl CLI as well.

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml

Simply, cd into the project directory and install the controller using the following commands.

cd kubecert
export IMG=raihankhanraka/kubecert:v1.0.0
make deploy

You can also self-build the docker image and install the controller using that image.

export IMG=<docker-registry>/kubecert:<tag>
make docker-build
make docker-push
make deploy

Now, Try with the sample yaml from here

Let's take a look at the configurable fields in the custom resource object and their default values.

certificate.spec. Default Accepted Types
subject.organizations []string
subject.countries []string
subject.organizaionalUnits []string
subject.localities []string
subject.provinces []string
subject.streetAddresses []string
subject.postalCodes []string
commonName string
duration 90d units( "ms", "s", "m", "h", "d", "w", "y" )
dnsNames []string
ipAddresses []string
uris []string
emailAddresses []string
secretRef.name -secret []string
usages digital signature,
key encipherment		 digital signature,
content commitment
key encipherment
key agreement
data encipherment
cert sign
crl sign
encipher only
decipher only
any
server auth
client auth
code signing
email protection
ipsec end system
ipsec tunnel
ipsec user
timestamping
ocsp signing
microsoft sgc
netscape sgc
privateKey.encoding pkcs8 pkcs1
pkcs8
privateKey.algorithm RSA RSA
ECDSA
Ed25519
privateKey.size 2048 for RSA - 2048,4096,8192
for ECDSA - 256, 384, 521
Ed25519

Directories

Path Synopsis
api
v1
Package v1 contains API Schema definitions for the certs v1 API group +kubebuilder:object:generate=true +groupName=certs.k8c.io
 Package v1 contains API Schema definitions for the certs v1 API group +kubebuilder:object:generate=true +groupName=certs.k8c.io
pkg
controller
test
utils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.