Skip to content
This repository was archived by the owner on Nov 20, 2023. It is now read-only.

Proof of concept #1

Merged
merged 1 commit into from
Mar 13, 2020
Merged

Proof of concept #1

merged 1 commit into from
Mar 13, 2020

Conversation

@wallrj
Copy link
Member

@wallrj wallrj commented Mar 11, 2020

Signs an approved CSR using a local CA key and certificate.

@jetstack-bot
Copy link
Contributor

jetstack-bot commented Mar 11, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot requested a review from munnerz March 11, 2020 15:59
munnerz
munnerz reviewed Mar 11, 2020
View reviewed changes
internal/kubernetes/signer/README.md Outdated
@@ -0,0 +1 @@
Copied from: https://github.com/kubernetes/kubernetes/tree/v1.18.0-beta.2/pkg/controller/certificates/signer
Copy link
Member

@munnerz munnerz Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 thanks for the README here :) in future it may be worth extracting some of these stuff out into our own package, but this works!

Copy link
Member

@munnerz munnerz Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's also worth noting this PR which allows configurable intermediate certs to be included as part of the Certificate: kubernetes/kubernetes#88741

@wallrj wallrj force-pushed the init branch 7 times, most recently from 7f4272b to 0b09b5b Compare March 12, 2020 14:51
@wallrj
A controller which signs CertificateSigningRequest using a CA file
da6adac 
* Watch CertificateSigningRequest resources
* Ignore unapproved
* Ignore unrecognised signerName values
* Create a signed Certificate signed by the supplied CA file
* Manifests to deploy the controller-manager
* Docker based build environment.
* Makefile for testing and building everything
* Brief documentation and demo in a README file

Signed-off-by: Richard Wall <[email protected]>
@wallrj wallrj changed the title WIP: CSR CA Signer Proof of concept Mar 12, 2020
@wallrj
Copy link
Member Author

wallrj commented Mar 12, 2020

@munnerz Please take another quick look.
I've addressed most of your comments.
Some of them I'll tackle in followup branches, if you don't mind.

There are no tests for this proof of concept, but I did add a short demo of the testing that I've been doing locally.

@wallrj wallrj mentioned this pull request Mar 12, 2020
Merged
@munnerz
Copy link
Member

munnerz commented Mar 13, 2020

/lgtm

@jetstack-bot jetstack-bot merged commit 1e47aa5 into cert-manager:master Mar 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@munnerz munnerz munnerz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@munnerz munnerz

Labels

approved dco-signoff: yes lgtm size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wallrj @jetstack-bot @munnerz