Certyaml shall be able to store generated certificates in Kubernetes secrets, in addition to storing them as files in the filesystem.
API description
Draft for the API:
(1) Store certificate and private key to secret ca in namespace default. By default the certificate is stored in file tls.crt and private key in file tls.key. Secret type will default to kubernetes.io/tls.

```yaml
subject: cn=ca
kubernetes:
- secret: ca
```
(2) Store only certificate to secret ca in namespace myapp. Certificate is stored in file ca.pem. Secret type will default to Opaque.
(3) Store certificate and private key in secret server-cert in namespace default. The filenames are explicitly set. Certificate will be stored in file server.pem and private key in file server-key.pem. Secret type will default to Opaque.
(4) Store CA certificate to verify clients in file ca.pem, server certificate in file tls.crt and private key in file tls.key. All files are stored in single secret server-credentials in namespace default. Secret type will default to kubernetes.io/tls.
(5) Store certificate in file tls.crt and private key in file tls.key in secret client of type Opaque by overriding the default type for a secret with this content.
When the secret type is not explicitly set by the user, it is determined automatically. The complete manifest is processed to collect a full list of secrets and their content before creating any secrets. The following rules are used to select the type of each secret:

- When files tls.crt and tls.key are present and kubernetes.type is not set, then type kubernetes.io/tls is used by default.
- When files tls.crt and tls.key are missing and kubernetes.type is not set, then type Opaque is used by default.

If kubernetes.type is set multiple times using conflicting values, then processing is stopped and an error is printed.
Example of invalid manifest:

```yaml
subject: cn=ca
kubernetes:
- secret: server
  type: Opaque # error: server secret has conflicting types
---
subject: cn=server
issuer: cn=ca
kubernetes:
- secret: server
  type: kubernetes.io/tls # error: server secret has conflicting types
```
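The type-selection rules above can be sketched as a single pass over the whole manifest. This is an added example, not certyaml's own code: `SecretRef` and `ResolveTypes` are hypothetical names, and it assumes that kubernetes.io/tls is chosen only when both tls.crt and tls.key end up in the same secret.

```go
package main

import "fmt"

// SecretRef is a hypothetical, flattened view of one `kubernetes:` list entry.
type SecretRef struct {
	Namespace, Name string   // empty Namespace means "default"
	Type            string   // explicit kubernetes.type, "" when not set
	Files           []string // data keys this entry writes into the secret
}

// ResolveTypes walks every entry of the whole manifest first and returns the
// type per "namespace/name"; a conflict aborts before any secret is created.
func ResolveTypes(refs []SecretRef) (map[string]string, error) {
	explicit, has := map[string]string{}, map[string]bool{}
	types := map[string]string{}
	for _, r := range refs {
		if r.Namespace == "" {
			r.Namespace = "default"
		}
		key := r.Namespace + "/" + r.Name
		types[key] = "Opaque" // fallback when nothing else applies
		for _, f := range r.Files {
			has[key+"/"+f] = true
		}
		if r.Type != "" {
			if prev := explicit[key]; prev != "" && prev != r.Type {
				return nil, fmt.Errorf("%s secret has conflicting types: %s, %s", key, prev, r.Type)
			}
			explicit[key] = r.Type
		}
	}
	for key := range types {
		if t := explicit[key]; t != "" {
			types[key] = t // user override wins, as in case (5)
		} else if has[key+"/tls.crt"] && has[key+"/tls.key"] {
			types[key] = "kubernetes.io/tls" // assumption: both keys required
		}
	}
	return types, nil
}

func main() {
	// Constructed input mirroring case (4): two documents feed one secret.
	ca := SecretRef{Name: "server-credentials", Files: []string{"ca.pem"}}
	srv := SecretRef{Name: "server-credentials", Files: []string{"tls.crt", "tls.key"}}
	fmt.Println(ResolveTypes([]SecretRef{ca, srv}))
}
```

Resolving types before any API call means a conflicting manifest never leaves a half-written set of secrets, some of them holding private keys, in the cluster.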