57b1aef485
Adds a self-signed CA configuration and a certificate for the shiny organization. This change creates a Kubernetes Secret for the CA key pair and an Issuer that references this Secret. A Certificate resource is created to automate certificate provisioning for specified DNS names, improving the infrastructure's security and facilitating testing.
Certificates
This section contains the CA certificates used for testing. The only step necessary is to install the CA. The rest of the documentation is for reference.
Setup
First we generate a key for our CA certificate:
openssl genrsa -out local-ca.key 2048
Then generate the CA certificate:
openssl req -new -x509 -nodes -days 365000 \
-key local-ca.key \
-out local-ca.pem
Generate a k8s secret:
kubectl create secret generic ca-key-pair2 \
--from-literal=tls.crt="$(cat local-ca.pem)" \
--from-literal=tls.key="$(cat local-ca.key)"
The certificates.yaml already contains the secrets and will be used by cert-manager to sign certificates.
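An added check (not part of the repository) that can be run on the files from the steps above before they go into the ca-key-pair2 secret or a trust store: it confirms that local-ca.key matches local-ca.pem, that the certificate is marked CA:TRUE, and that it verifies as a self-signed root. The function name verify_ca_pair and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check a CA pair before loading it into the cluster.
# verify_ca_pair is a hypothetical helper name, not part of the repository.

# Usage: verify_ca_pair <cert.pem> <key.pem>
# Returns 0 only if all checks pass; otherwise prints the first failure to
# stderr and returns 1 (unreadable file), 2 (key mismatch), 3 (not a CA)
# or 4 (not a valid self-signed root).
verify_ca_pair() {
    cert=$1
    key=$2

    # 1. The private key must belong to the certificate: compare the
    #    public key (SubjectPublicKeyInfo, PEM) derived from each file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2; return 2
    fi

    # 2. The certificate must carry basicConstraints CA:TRUE; RFC 5280
    #    validators do not accept a v3 certificate without it as an issuer.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "certificate lacks basicConstraints CA:TRUE" >&2; return 3
    fi

    # 3. A root must verify against itself (self-signed and within validity).
    if ! openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "certificate is not a valid self-signed root" >&2; return 4
    fi
    return 0
}

# When called with two arguments, check those files directly,
# e.g. the local-ca.pem and local-ca.key generated above.
if [ "$#" -eq 2 ]; then
    verify_ca_pair "$1" "$2"
fi
```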
Install and trust the CA
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem