https://github.com/keyfactor/ejbca-k8s-csr-signer

An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API
https://github.com/keyfactor/ejbca-k8s-csr-signer

api-client keyfactor-api-client

Last synced: about 1 year ago
JSON representation

An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API

• Host: GitHub
• URL: https://github.com/keyfactor/ejbca-k8s-csr-signer
• Owner: Keyfactor
• License: apache-2.0
• Created: 2022-07-07T17:02:31.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2024-08-26T20:57:03.000Z (almost 2 years ago)
• Last Synced: 2025-03-31T12:58:07.422Z (about 1 year ago)
• Topics: api-client, keyfactor-api-client
• Language: Go
• Homepage:
• Size: 6.36 MB
• Stars: 1
• Watchers: 5
• Forks: 5
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          

# ejbca-k8s-csr-signer

An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API

#### Integration status: Production - Ready for use in production environments.

## About the Keyfactor API Client

This API client allows for programmatic management of Keyfactor resources.

## Support for ejbca-k8s-csr-signer

ejbca-k8s-csr-signer is open source and supported on best effort level for this tool/library/client.  This means customers can report Bugs, Feature Requests, Documentation amendment or questions as well as requests for customer information required for setup that needs Keyfactor access to obtain. Such requests do not follow normal SLA commitments for response or resolution. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com/

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.

---

---



    





    



# EJBCA Certificate Signing Request Proxy for K8s 

[![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-k8s-csr-signer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-k8s-csr-signer) [![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/keyfactor/ejbca-k8s-csr-signer?label=release)](https://github.com/keyfactor/ejbca-k8s-csr-signer/releases) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![license](https://img.shields.io/github/license/keyfactor/ejbca-k8s-csr-signer.svg)]()

The EJBCA Certificate Signing Request Proxy for K8s forwards certificate signing requests generated by Kubernetes to [EJBCA](https://www.primekey.com/products/ejbca-enterprise/) for signing by a trusted enterprise certificate authority. The signer operates within the [K8s CertificateSigningRequests API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an [approver](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/certificates/approver).

## Community supported

We welcome contributions.

The cert-manager external issuer for Keyfactor command is open source and community supported, meaning that there is **no SLA** applicable for these tools.

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, see the [contribution guidelines](https://github.com/Keyfactor/command-k8s-csr-signer/blob/main/CONTRIBUTING.md) and use the **[Pull requests](../../pulls)** tab.

## Migration from EJBCA CSR Signer v1.0 to v2.0

The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.

## Documentation

* [Getting Started](docs/getting-started.markdown)

* Usage

  * [Demo usage with Istio](docs/istio-deployment.markdown)

  * [Runtime Customization](docs/annotations.markdown)

  * [End Entity Name Selection](docs/endentitynamecustomization.markdown)

* [Testing](docs/testing.markdown)

* [License](LICENSE)