Testing CA Certificate #169

shaneutt · 2021-12-01T21:54:22Z

Problem Statement

The cert-manager addon presently provides a default Issuer that provides "self-signed" certificates. Using self-signed certificates presents many challenges and is in general "hacky".

Proposed Solution

Generate an upfront CA Certificate that is used for the duration of a test cluster's lifecycle, and installed as the default issuer.

Acceptance Criteria

kind and GKE cluster implementations both install the KTF CA on nodes during cluster deployment for container runtime trust
the cert-manager addon is configured to use the KTF CA as the default Issuer
the registry addon switches to using a cert signed by the KTF CA to avoid cluster-specific installation of the currently present self-signed cert

The text was updated successfully, but these errors were encountered:

mflendrich · 2022-03-10T18:19:06Z

Closing "won't fix" because of insufficient demand at this moment.

shaneutt added area/feature New feature or request priority/medium labels Dec 1, 2021

shaneutt mentioned this issue Dec 1, 2021

feat: registry addon #170

Merged

shaneutt added the good first issue Good for newcomers label Feb 3, 2022

mflendrich added priority/low and removed priority/medium labels Mar 10, 2022

mflendrich closed this as completed Mar 10, 2022

Molter73 mentioned this issue Mar 7, 2024

Pushing to a registry addon from the host fails with "certificate signed by unknown authority" #992

Open

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Testing CA Certificate #169

Testing CA Certificate #169

shaneutt commented Dec 1, 2021 •

edited

Loading

mflendrich commented Mar 10, 2022

Testing CA Certificate #169

Testing CA Certificate #169

Comments

shaneutt commented Dec 1, 2021 • edited Loading

Problem Statement

Proposed Solution

Acceptance Criteria

mflendrich commented Mar 10, 2022

shaneutt commented Dec 1, 2021 •

edited

Loading