{"id":20723248,"url":"https://github.com/camptocamp/puppetca-issuer","last_synced_at":"2025-06-22T11:08:59.128Z","repository":{"id":66235389,"uuid":"291759346","full_name":"camptocamp/puppetca-issuer","owner":"camptocamp","description":"Cert-manager issuer for the Puppet Certificate Authority","archived":false,"fork":false,"pushed_at":"2020-10-20T14:37:22.000Z","size":370,"stargazers_count":10,"open_issues_count":3,"forks_count":0,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-06-22T11:08:53.081Z","etag":null,"topics":["cert-manager","certificate","kubernetes","kubernetes-environment","openssl","puppet"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/camptocamp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-31T15:54:41.000Z","updated_at":"2022-06-01T08:34:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"97ddeace-9a4c-4803-b999-04c2e4b7af33","html_url":"https://github.com/camptocamp/puppetca-issuer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/camptocamp/puppetca-issuer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camptocamp%2Fpuppetca-issuer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camptocamp%2Fpuppetca-issuer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camptocamp%2Fpuppetca-issuer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/camptocamp%2Fpuppetca-issuer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/camptocamp","download_url":"https://codeload.github.com/camptocamp/puppetca-issuer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/camptocamp%2Fpuppetca-issuer/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261282320,"owners_count":23134940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","certificate","kubernetes","kubernetes-environment","openssl","puppet"],"created_at":"2024-11-17T04:08:03.627Z","updated_at":"2025-06-22T11:08:54.113Z","avatar_url":"https://github.com/camptocamp.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Puppet Certificate Authority Issuer\n\nThis is a Cert-Manager issuer for the Puppet CA.\n\n\n# cert-manager\n\ncert-manager manages certificates in Kubernetes environment (among others) and keeps track of renewal requirements (https://cert-manager.io/). 
It supports various in-built issuers that issue the certificates to be managed by cert-manager.\n\n# Puppet CA Issuer\n\nThis project plugs into cert-manager as an external issuer that talks to the Puppet CA to get certificates issued for your Kubernetes environment.\n\n# Setup\n\nInstall cert-manager first (https://cert-manager.io/docs/installation/kubernetes/), version 0.16.1 or later.\n\nClone this repo and perform the following steps to install the controller:\n\n```\n# make build\n# make docker\n# make deploy\n```\n\nCreate a secret that holds the Puppet CA credentials:\n\n```\n# cat secret.yaml\n\napiVersion: v1\nkind: Secret\nmetadata:\n  name: puppetca-credentials\n  namespace: puppetca-issuer-system\ndata:\n  url: \u003cbase64 encoding of url to the PuppetCA\u003e\n  cert: \u003cbase64 encoding of certificate to access the PuppetCA\u003e\n  key: \u003cbase64 encoding of private key to access the PuppetCA\u003e\n  cacert: \u003cbase64 encoding of CA certificate of the PuppetCA\u003e\n```\n\n _Note_: When generating the base64 encoding of the above fields, ensure that no newline character is included in the encoded string. 
For example, following command could be used:\n \n ```\n echo -n \"\u003caccess key\u003e\" | base64\n ```\n\nApply configuration to create secret: \n\n```  \n# kubectl apply -f secret.yaml\n```\n\nCreate resource PuppetCAIssuer for our controller:\n\n```\n# cat issuer.yaml\n\napiVersion: certmanager.puppetca/v1alpha2\nkind: PuppetCAIssuer\nmetadata:\n  name: puppetca-issuer\n  namespace: puppetca-issuer-system\nspec:\n  provisioner:\n    secretName: puppetca-credentials\n    url:\n      key: url\n    cert:\n      key: cert\n    key:\n      key: key\n    cacert:\n      key: cacert\n```\n\nApply this configuration:\n\n```\n# kubectl apply -f issuer.yaml\n\n# kubectl describe PuppetCAIssuer -n puppetca-issuer-system\n\nName:         puppetca-issuer\nNamespace:    puppetca-issuer-system\nLabels:       \u003cnone\u003e\nAnnotations:  API Version:  certmanager.puppetca/v1alpha2\nKind:         PuppetCAIssuer\n...\nSpec:\n  Provisioner:\n    Url:\n      key: url\n    Cert:\n      key: cert\n    Key:\n      key: key\n    CaCert:\n      key: cacert\nStatus:\n  Conditions:\n    Last Transition Time:  2020-08-31T04:34:33Z\n    Message:               PuppetCAIssuer verified and ready to sign certificates\n    Reason:                Verified\n    Status:                True\n    Type:                  Ready\nEvents:\n  Type    Reason    Age                    From                     Message\n  ----    ------    ----                   ----                     -------\n  Normal  Verified  8m22s (x2 over 8m22s)  puppetca-controller      PuppetCAIssuer verified and ready to sign certificates\n```\n\nNow create certificate:\n\n```\n# cat certificate.yaml\n\napiVersion: cert-manager.io/v1alpha2\nkind: Certificate\nmetadata:\n  name: foo-puppet-cert\n  namespace: puppetca-issuer-system\nspec:\n  # The secret name to store the signed certificate\n  secretName: puppet-certificate-foo\n  # Common Name\n  commonName: foo.com\n  # DNS SAN\n  dnsNames:\n    - localhost\n    - foo.com\n  
issuerRef:\n    group: certmanager.puppetca\n    kind: PuppetCAIssuer\n    name: puppetca-issuer\n  # This is required for the Puppet CA\n  encodeUsagesInRequest: false\n```\n\n```\n# kubectl apply -f certificate.yaml\n# kubectl describe Certificate foo-puppet-cert -n puppetca-issuer-system\n\nName:         foo-puppet-cert\nNamespace:    puppetca-issuer-system\nLabels:       \u003cnone\u003e\nAnnotations:  API Version:  cert-manager.io/v1alpha3\nKind:         Certificate\n...\nSpec:\n  Common Name:  foo.com\n  Dns Names:\n    localhost\n    foo.com\n  Encode Usages In Request:  false\n  Issuer Ref:\n    Group:       certmanager.puppetca\n    Kind:        PuppetCAIssuer\n    Name:        puppetca-issuer\n  Secret Name:   puppet-certificate-foo\nStatus:\n  Conditions:\n    Last Transition Time:  2020-08-18T04:34:48Z\n    Message:               Certificate is up to date and has not expired\n    Reason:                Ready\n    Status:                True\n    Type:                  Ready\n  Not After:               2020-08-19T04:34:45Z\n  Not Before:              2020-08-18T03:34:45Z\n  Renewal Time:            2020-08-19T03:34:45Z\n  Revision:                1\nEvents:\n  Type    Reason     Age    From          Message\n  ----    ------     ----   ----          -------\n  Normal  Issuing    6m1s   cert-manager  Issuing certificate as Secret does not exist\n  Normal  Generated  6m     cert-manager  Stored new private key in temporary Secret resource \"backend-puppetca-7m9sx\"\n  Normal  Requested  6m     cert-manager  Created new CertificateRequest resource \"backend-puppetca-m2gz5\"\n  Normal  Issuing    5m51s  cert-manager  The certificate has been successfully issued\n```\n\nCheck that the certificate and private key are present in the secret:\n\n```\n# kubectl describe secrets puppet-certificate-foo -n puppetca-issuer-system\n\nName:         foo-puppet-cert\nNamespace:    puppetca-issuer-system\nLabels:       
\u003cnone\u003e\nAnnotations:  cert-manager.io/alt-names: localhost,foo.com\n              cert-manager.io/certificate-name: foo-puppet-cert\n              cert-manager.io/common-name: foo.com\n              cert-manager.io/issuer-kind: PuppetCAIssuer\n              cert-manager.io/issuer-name: puppetca-issuer\n              cert-manager.io/uri-sans:\n\nType:  kubernetes.io/tls\n\nData\n====\ntls.key:  xxxx bytes\ntls.crt:  yyyy bytes\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcamptocamp%2Fpuppetca-issuer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcamptocamp%2Fpuppetca-issuer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcamptocamp%2Fpuppetca-issuer/lists"}