feat(certificates): add self-signed CA and corresponding certificate
Adds a self-signed CA configuration and a certificate for the shiny organization. This change creates a Kubernetes Secret for the CA key pair and an Issuer that references this Secret. A Certificate resource is created to automate certificate provisioning for specified DNS names, improving the infrastructure's security and facilitating testing.
@@ -0,0 +1,38 @@
|
||||
# Certificates
|
||||
|
||||
This section contains the CA certificates used for testing.
|
||||
The only step necessary is to [install](#install-and-trust-the-CA) the CA.
|
||||
The rest of the documentation is for reference.
|
||||
|
||||
## Setup
|
||||
|
||||
First we generate a key for our CA certificate:
|
||||
|
||||
```shell
|
||||
openssl genrsa -out local-ca.key 2048
|
||||
```
|
||||
|
||||
Then generate the CA certificate:
|
||||
|
||||
```shell
|
||||
openssl req -new -x509 -nodes -days 365000 \
|
||||
-key local-ca.key \
|
||||
-out local-ca.pem
|
||||
```
|
||||
|
||||
Generate a k8s secret:
|
||||
|
||||
```shell
|
||||
kubectl create secret generic ca-key-pair2 \
|
||||
--from-literal=tls.crt="$(cat local-ca.pem)" \
|
||||
--from-literal=tls.key="$(cat local-ca.key)"
|
||||
```
|
||||
|
||||
The [certificates.yaml](../kind/certificates.yaml) contains the secrets already and wil be used by cert-manager
|
||||
to sign certificates.
|
||||
|
||||
## Install and trust the CA
|
||||
|
||||
```shell
|
||||
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem
|
||||
```
|
||||
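Review bot: the install step (`security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem`) makes this CA a system-wide trusted root, while the Setup section creates it with `-days 365000` and the README documents no way to remove it, so the trust outlives any test environment. Suggest a short validity (for example `-days 365`) and a cleanup step such as `sudo security remove-trusted-cert -d local-ca.pem`. Separately, `--from-literal=tls.key="$(cat local-ca.key)"` expands the private key into the kubectl command line, where it is visible in the process list; `kubectl create secret tls ca-key-pair2 --cert=local-ca.pem --key=local-ca.key` reads both files directly and sets the Secret type to match its contents. Minor: "wil" in the certificates.yaml sentence should be "will".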
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC1t0ZQvIylVS86
|
||||
KoHI2zraBpyUOj+rwOBoGNhk9hkqyE4tZHGbV5/iIp6t7V+pJydkqwlO2TsSFG0d
|
||||
We3ubxGANE+rsxejGfd2Mo7s/IwAs1ifdu1mOKj+JOY0ypMkykIoS9KywYd6v40H
|
||||
WL57IC5ITMB3TEc4pTOJm5PyOobHgVc6YofjQlh2kyrU//XPoV45neXZ/rlPsIKi
|
||||
rD+8mHZ55pt3yvT0wSGw4DZRkTRgBQY99jcKX89waw1iNGR1viMqbhgONOqBd9UX
|
||||
kyMPWUNqEbfYIw2mqLijdKjsvYIIKy4my+TDUEJCvom0wMd0cPF2uWEvjRQW/3kS
|
||||
S73aVD6RAgMBAAECggEAA1d4rlw2GFKpHBOGcEbBarUCBO/O4yR+4l5imSi1bPkv
|
||||
oHVFnMSCjWQMyvufulQ2ZnGGw35wyacg6PZ4aHdLORi9LLxazB/ahYy63omeZ+NK
|
||||
1yCwXCR6mk6pAehS+gA5ZNUc7Z1r4mP9y4uXcfUB8a5uDUOUo7c8a8sCo34g1smQ
|
||||
FMarqKWWDeEfQv5nMO9OG6o9WdGjCi6xkyB+n8ZgRGCtfYOEgO5SDcxBsgLUavF+
|
||||
Lwv+xCgLyJCttMgO1vHbnrdPH2uPYVrlibbXbKfJxaVKpAarluw0Ad17MXjpGvDj
|
||||
W0FOutRjwwWPmYUwXuxCceaOer2vKUIVjmbn1E+USQKBgQD+1nk9WP5/YfGZXUhr
|
||||
D0W+I8Fd1ob+3qVTEsiDHnbcKIk/weGw0OwvSQlXF9DUOyvpYG77IK+SvEvNo+UK
|
||||
k8QR8hz58qq1vk7l6AqlELKjLIfblSMwlmWjXngmo31Zgzatgj+0wJ57/yQRA6WH
|
||||
PkAP5mL5Ok2ryaMMCtmXtGbl3wKBgQC2i24rVTy7XxDM1Wt1exdDAy4jEACt/XZ2
|
||||
oYwwyvNJshv2j7e6UPF0t44/2+xhovSSbWvUemGoOYESO1gDWFrkfcp7ahKTOBkc
|
||||
bWRlHzCaf4AdEK0wanRAE9CybcN6CFAIIbrr7J7fHSxPQQoyKy53aIfx67Ji1Yzw
|
||||
HKyOT9sJjwKBgQCg8XcUhZYFgSgCgeVwp+6WDSLcTtZnNNoYwy4bkSvkEz3LJHmT
|
||||
H/9qRag+du4Oe2haNeshcx0vgPgm4bGPoo8b/lrKiLXDnnNZw9ilMwx+/Wq4BVJ6
|
||||
JyH9sXYUgQBzfekUX8Q4NcZh7Vsr26+44Fm5MPmlCWtwaSIuQtP1eZva5QKBgQCL
|
||||
UkGEWyreCwGEhELeyFKJt8ynwBf0s2WNx2B7APrMPV7wQOJGFm8i2NF91blFD51A
|
||||
gLjy03DjdvgW1Sooa2/7wjIfHWcN65vmwWsFbtemozdBd6/nKuiM21LGS9YMtnl2
|
||||
q1/Bnrfmq5pc5tQEVEbDpglTz8M3gatuu0PL3hDb6wKBgE0J+j4DiqDajPiBZCCm
|
||||
LChDx05Y1N11yl/aiclfuUJ6ay1CANM+/pFFtDwhC75Grog2hKn6ISu7R1Q7Of6u
|
||||
zHL59It4RDWvTDBZZNOESk3zgnyRp8h1ooe6+cyBwuz0CL5zAcLSOVxXCczeJ+bA
|
||||
I81gVl6G430Q8uVsQNriTTgk
|
||||
-----END PRIVATE KEY-----
|
||||
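Review bot: this file commits an unencrypted private key (`-----BEGIN PRIVATE KEY-----`) to the repository. If it is the CA key from the README (`local-ca.key`), then anyone who can read the repository or its history can issue certificates that are accepted by every machine that followed the "Install and trust the CA" step. Suggest removing the key from the commit, generating the CA key per developer or per cluster at setup time with the commands the README already lists, and excluding `*.key` from version control. Because the key has already been published in this change, the CA should be regenerated rather than only deleted in a later commit.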
@@ -0,0 +1,23 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID6zCCAtOgAwIBAgIUJ5L6dCicY2Pr7gYosf23mTIYWWAwDQYJKoZIhvcNAQEL
|
||||
BQAwgYMxCzAJBgNVBAYTAlNFMR4wHAYDVQQIDBVWw4PCpHN0cmEgR8ODwrZ0YWxh
|
||||
bmQxEjAQBgNVBAcMCVN2YW5lc3VuZDEwMC4GA1UECgwnVW5ib3VuZCBTb2Z0d2Fy
|
||||
ZSBEZXZlbG9wbWVudCBTdmVuc2thIEFCMQ4wDAYDVQQDDAVsb2NhbDAgFw0yNTEy
|
||||
MTAwNjM1NDBaGA8zMDI1MDQxMjA2MzU0MFowgYMxCzAJBgNVBAYTAlNFMR4wHAYD
|
||||
VQQIDBVWw4PCpHN0cmEgR8ODwrZ0YWxhbmQxEjAQBgNVBAcMCVN2YW5lc3VuZDEw
|
||||
MC4GA1UECgwnVW5ib3VuZCBTb2Z0d2FyZSBEZXZlbG9wbWVudCBTdmVuc2thIEFC
|
||||
MQ4wDAYDVQQDDAVsb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||
ALW3RlC8jKVVLzoqgcjbOtoGnJQ6P6vA4GgY2GT2GSrITi1kcZtXn+Iinq3tX6kn
|
||||
J2SrCU7ZOxIUbR1Z7e5vEYA0T6uzF6MZ93Yyjuz8jACzWJ927WY4qP4k5jTKkyTK
|
||||
QihL0rLBh3q/jQdYvnsgLkhMwHdMRzilM4mbk/I6hseBVzpih+NCWHaTKtT/9c+h
|
||||
Xjmd5dn+uU+wgqKsP7yYdnnmm3fK9PTBIbDgNlGRNGAFBj32Nwpfz3BrDWI0ZHW+
|
||||
IypuGA406oF31ReTIw9ZQ2oRt9gjDaaouKN0qOy9gggrLibL5MNQQkK+ibTAx3Rw
|
||||
8Xa5YS+NFBb/eRJLvdpUPpECAwEAAaNTMFEwHQYDVR0OBBYEFArFf7jQ/EcwPsDq
|
||||
PuBqaVgL5bqEMB8GA1UdIwQYMBaAFArFf7jQ/EcwPsDqPuBqaVgL5bqEMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACN8RLwk4vj8s8KGM1aDydlX
|
||||
UbHjdZVa7Cgq6oCm/Le5DuEqRAcNv6/E6LT7g6nMwmJPRROh217MX26+LcrifLiD
|
||||
1dpYHl79A+7RvHW2okvOucXg+qN03qShhv70jgJu0q4BfNJjRo27u0QoUMmJZ5ZG
|
||||
vyeLTi72d3iuwKtPk6/Q7nUGMiGDN9cKY+GvMB65U4sWX807ZbgxtfOfB/Lrbydo
|
||||
UEQSpMGe6DiDj5gZcvHcNEEP6ZG8riaF406At3y86LA19XbYj4AJI1xZVPO+eb/C
|
||||
mW5CaMrDgyLhGx1XRoVY9KfWjzJzjR/A1MPevpVbA1Oom0DkV3OCeaBcncr5faA=
|
||||
-----END CERTIFICATE-----
|
||||
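Review bot: the certificate body decodes to an unconstrained root. Its only extensions are subjectKeyIdentifier, authorityKeyIdentifier and a critical basicConstraints with CA:TRUE, with no nameConstraints, no keyUsage and no path length, and its notAfter falls in the year 3025. Since the README installs it as `trustRoot`, the holder of the key can issue for any hostname, not only the test DNS names. Suggest regenerating it with a nameConstraints extension that permits only the test domains, a keyUsage limited to certificate signing, and a short validity. The stateOrProvinceName in the subject is also stored as double-encoded UTF-8 (it reads "VÃ¤stra GÃ¶taland"); regenerating with an explicit `-subj` and `-utf8` would make the subject reproducible and correctly encoded.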