raihankhan / kubecert

A Kubernetes controller that automates the generation of self-signed TLS certificates for applications, simplifying the deployment process and ensuring secure communication.


Kubecert

License: Apache License 2.0

A Kubernetes controller that automates the generation of self-signed TLS certificates for applications, simplifying the deployment process and ensuring secure communication. The kubecert controller continuously watches and reconciles the Certificate custom resource to generate a Kubernetes-native Secret resource from the provided specification. The Secret is expected to contain a tls.crt and a tls.key file, which hold the self-signed certificate and its private key.

cert-manager must be installed before the kubecert controller. It is used to inject self-signed certificates for the controller manager's webhook server. Use the following command to install cert-manager with the Helm CLI.

helm repo add jetstack https://charts.jetstack.io --force-update
helm install \
          cert-manager jetstack/cert-manager \
          --namespace cert-manager \
          --create-namespace \
          --version v1.15.3 \
          --set crds.enabled=true  

Alternatively, you can install the cert-manager release manifest with the kubectl CLI.

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml

Then cd into the project directory and install the controller using the following commands.

cd kubecert
export IMG=raihankhanraka/kubecert:v1.0.0
make deploy

You can also build the Docker image yourself and install the controller using that image.

export IMG=<docker-registry>/kubecert:<tag>
make docker-build
make docker-push
make deploy

Now try it with the sample YAML from here

Let's take a look at the configurable fields in the custom resource object and their default values.

| certificate.spec. | Default | Accepted Types |
|---|---|---|
| subject.organizations | | []string |
| subject.countries | | []string |
| subject.organizaionalUnits | | []string |
| subject.localities | | []string |
| subject.provinces | | []string |
| subject.streetAddresses | | []string |
| subject.postalCodes | | []string |
| commonName | | string |
| duration | 90d | units( "ms", "s", "m", "h", "d", "w", "y" ) |
| dnsNames | | []string |
| ipAddresses | | []string |
| uris | | []string |
| emailAddresses | | []string |
| secretRef.name | -secret | []string |
| usages | digital signature, key encipherment | digital signature, content commitment, key encipherment, key agreement, data encipherment, cert sign, crl sign, encipher only, decipher only, any, server auth, client auth, code signing, email protection, ipsec end system, ipsec tunnel, ipsec user, timestamping, ocsp signing, microsoft sgc, netscape sgc |
| privateKey.encoding | pkcs8 | pkcs1, pkcs8 |
| privateKey.algorithm | RSA | RSA, ECDSA, Ed25519 |
| privateKey.size | 2048 | for RSA - 2048, 4096, 8192; for ECDSA - 256, 384, 521; Ed25519 |
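
What the table's defaults amount to, as an added Go example that uses only the standard library and is not kubecert's own code: it builds a tls.crt / tls.key pair with RSA 2048, PKCS#8 encoding, a 90d lifetime and the default usages, then checks the pair the way a consumer of the Secret can. The helper names `selfSigned` and `checkPair`, the host `demo.example.test`, and reading 90d as 90*24h are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// selfSigned (hypothetical helper) applies the table defaults: RSA 2048, PKCS#8, 90d as 90*24h.
func selfSigned(host string) (crt, key []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		DNSNames:     []string{host}, // constructed sample SAN
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv) // parent == tmpl: self-signed
	if err != nil {
		return nil, nil, err
	}
	p8, _ := x509.MarshalPKCS8PrivateKey(priv) // no error path for an RSA key
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: p8}), nil
}

// checkPair (hypothetical helper): key must match tls.crt, signature must verify under its own key.
func checkPair(crt, key []byte) (*x509.Certificate, error) {
	pair, err := tls.X509KeyPair(crt, key) // fails on a key/certificate mismatch
	if err != nil {
		return nil, err
	}
	c, _ := x509.ParseCertificate(pair.Certificate[0]) // already parsed once by X509KeyPair
	return c, c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature)
}
func main() {
	crt, key, _ := selfSigned("demo.example.test")
	c, err := checkPair(crt, key)
	fmt.Println(c.DNSNames, c.NotAfter.Sub(c.NotBefore), err)
}
```

Because such a certificate is its own issuer, a client only accepts it once it has been configured to trust that exact certificate.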
