Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mfinelli/helm-cluster-ca

helm chart to create a private cluster certificate authority using cert-manager
https://github.com/mfinelli/helm-cluster-ca

cert-manager certificate-authority helm-chart k8s kubernetes

Last synced: about 1 month ago
JSON representation

helm chart to create a private cluster certificate authority using cert-manager

Host: GitHub
URL: https://github.com/mfinelli/helm-cluster-ca
Owner: mfinelli
License: apache-2.0
Created: 2022-07-08T17:53:00.000Z (over 2 years ago)
Default Branch: master
Last Pushed: 2022-07-10T09:33:46.000Z (over 2 years ago)
Last Synced: 2024-05-08T22:12:23.648Z (8 months ago)
Topics: cert-manager, certificate-authority, helm-chart, k8s, kubernetes
Language: Smarty
Homepage:
Size: 57.6 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # helm-cluster-ca

A helm chart to create a cluster-internal private certificate authority using

[cert-manager](https://cert-manager.io).

This is essentially just packaging the example provided upstream

https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers

in order to make it easily reusable across clusters.

Obviously, there is a dependency on `cert-manager` and its CRDs, but you must

install it separately, beforehand as it's not listed as a dependency of this

chart.

## usage

The chart create a `ClusterIssuer`, so install it into the `cert-manager`

namespace (though the exact namespace doesn't really matter):

```shell

helm repo add mfinelli https://charts.finelli.dev

helm install --namespace cert-manager cluster-ca mfinelli/cluster-ca

```

Then wherever you need a locally trusted certificate you can use the normal

`Certificate` and reference the new cluster-wide CA:

```yaml

apiVersion: cert-manager.io/v1

kind: Certificate

metadata:

  name: redis-server

spec:

  secretName: redis-server

  subject:

    organizations:

      - yourorg

  commonName: app-redis-master

  dnsNames:

    - app-redis-master.yourapp.svc.cluster.local

  privateKey:

    rotationPolicy: Always

    algorithm: ECDSA

    size: 256

  usages:

    - server auth

  issuerRef:

    name: cluster-ca-ca

    kind: ClusterIssuer

    group: cert-manager.io

```

## license

```

Copyright 2022 Mario Finelli

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

```