certs/README.md

# Certificates

This section contains the CA certificates used for testing.
The only step necessary is to [install](#install-and-trust-the-CA) the CA.
The rest of the documentation is for reference.

## Setup

First we generate a key for our CA certificate:

```shell
openssl genrsa -out local-ca.key 2048
```

Then generate the CA certificate:

```shell
openssl req -new -x509 -nodes -days 365000 \
   -key local-ca.key \
   -out local-ca.pem
```

Generate a k8s secret:

```shell
kubectl create secret generic ca-key-pair2 \
  --from-literal=tls.crt="$(cat local-ca.pem)" \
  --from-literal=tls.key="$(cat local-ca.key)"
```

The [certificates.yaml](../k8s/app/certificates.yaml) contains the secrets already and wil be used by cert-manager
to sign certificates.

## Install and trust the CA

```shell
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem
```
feat(certificates): add self-signed CA and corresponding certificate Adds a self-signed CA configuration and a certificate for the shiny organization. This change creates a Kubernetes Secret for the CA key pair and an Issuer that references this Secret. A Certificate resource is created to automate certificate provisioning for specified DNS names, improving the infrastructure's security and facilitating testing. 2025-12-10 07:46:52 +01:00			`# Certificates`

			`This section contains the CA certificates used for testing.`
			`The only step necessary is to [install](#install-and-trust-the-CA) the CA.`
			`The rest of the documentation is for reference.`

			`## Setup`

			`First we generate a key for our CA certificate:`

			```shell
			`openssl genrsa -out local-ca.key 2048`
			```

			`Then generate the CA certificate:`

			```shell
			`openssl req -new -x509 -nodes -days 365000 \`
			`-key local-ca.key \`
			`-out local-ca.pem`
			```

			`Generate a k8s secret:`

			```shell
			`kubectl create secret generic ca-key-pair2 \`
			`--from-literal=tls.crt="$(cat local-ca.pem)" \`
			`--from-literal=tls.key="$(cat local-ca.key)"`
			```

feat(ingress): add TLS configuration for staging hosts Add TLS configuration for staging-shiny and staging-shiny-api hosts in the ingress resources. Create a new namespace for ingress-nginx to better organize resources. Update kustomization files to include new certificates and secrets. Streamline setup process with improved wait commands for pod readiness. 2025-12-10 08:16:27 +01:00			`The [certificates.yaml](../k8s/app/certificates.yaml) contains the secrets already and wil be used by cert-manager`
feat(certificates): add self-signed CA and corresponding certificate Adds a self-signed CA configuration and a certificate for the shiny organization. This change creates a Kubernetes Secret for the CA key pair and an Issuer that references this Secret. A Certificate resource is created to automate certificate provisioning for specified DNS names, improving the infrastructure's security and facilitating testing. 2025-12-10 07:46:52 +01:00			`to sign certificates.`

			`## Install and trust the CA`

			```shell
			`sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem`
			```