Skip to content

Commit

Permalink
Merge pull request #19 from KarolinHem/main
Browse files Browse the repository at this point in the history
Align with EJBCA & SignServer template repo
  • Loading branch information
m8rmclaren authored May 2, 2024
2 parents ecd315a + ec5f299 commit ea97ba3
Show file tree
Hide file tree
Showing 14 changed files with 232 additions and 50 deletions.
45 changes: 45 additions & 0 deletions .github/ISSUE_TEMPLATE/bug-report.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
---
name: Bug report
about: Create a report to help us improve
title: "[BUG]"
labels: bug
assignees: ''

---

**Describe the Bug**

A clear and concise description of what the bug is.

**To Reproduce**

Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected Behavior**

A clear and concise description of what you expected to happen.

**Screenshots and Logs**

If applicable, add screenshots and logs to help explain your problem.

**Product Deployment**

Please complete the following information:
- Deployment format: [e.g. software, container]
- Version [e.g. 8.0.0]

**Desktop**

Please complete the following information:
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]

**Additional Context**

Add any other context about the problem here.
7 changes: 7 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
blank_issues_enabled: true

# Update url below as needed.
contact_links:
- name: GitHub Discussions
url: https://github.com/Keyfactor/ejbca-ce/discussions
about: Join in-depth discussions or ask questions
25 changes: 25 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''

---

**Is your feature request related to a problem or specific use case? Please describe.**
A clear and concise description of the problem or use case.

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Product deployment**
Please complete the following information:
- Deployment format: [e.g. software, container]
- Version [e.g. 8.0.0]

**Additional context**
Add any other context or screenshots about the feature request here.
Binary file added .github/images/community-ejbca.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added .github/images/community-signserver.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added .github/images/keyfactor-ejbca-enterprise.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
16 changes: 16 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
## Describe your changes

<!--- Please describe your changes in detail. Include the motivation for the changes, e.g. what problem it solves or if it fixes a bug. -->

## How has this been tested?

<!--- If relevant, please describe any tests you ran to verify your changes. -->

## Checklist before requesting a review
<!--- To check or uncheck a box, switch between "[x]" and "[ ]" below. -->

- [ ] I have performed a self-review of my code
- [ ] I have kept the patch limited to only change the parts related to the patch
- [ ] This change requires a documentation update

See also [Contributing Guidelines](../../CONTRIBUTING.md).
7 changes: 7 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Contributing Guidelines

For information on how to contribute to EJBCA and related tools, see [EJBCA Contributing Guidelines](https://github.com/Keyfactor/ejbca-ce/blob/main/CONTRIBUTING.md).

<!--- For SignServer: Use this text instead:
For information on how to contribute to SignServer and related tools, see [SignServer Contributing Guidelines](https://github.com/Keyfactor/signserver-ce/blob/main/CONTRIBUTING.md).
--->
66 changes: 33 additions & 33 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,52 +1,53 @@
</a>
<!--EJBCA Enterprise logo -->
<a href="https://www.keyfactor.com/products/ejbca-enterprise/">
<img src=".github/images/keyfactor-ejbca-enterprise.png?raw=true)" alt="EJBCA logo" title="EJBCA" height="70" />
</a>

# ejbca-k8s-csr-signer

An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API

#### Integration status: Production - Ready for use in production environments.

## About the Keyfactor API Client

This API client allows for programmatic management of Keyfactor resources.

## Support for ejbca-k8s-csr-signer

ejbca-k8s-csr-signer is open source and supported on best effort level for this tool/library/client. This means customers can report Bugs, Feature Requests, Documentation amendment or questions as well as requests for customer information required for setup that needs Keyfactor access to obtain. Such requests do not follow normal SLA commitments for response or resolution. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com/

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
# EJBCA Certificate Signing Request Proxy for K8s

---
[![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-k8s-csr-signer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-k8s-csr-signer) [![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/keyfactor/ejbca-k8s-csr-signer?label=release)](https://github.com/keyfactor/ejbca-k8s-csr-signer/releases) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![license](https://img.shields.io/github/license/keyfactor/ejbca-k8s-csr-signer.svg)]()

The EJBCA Certificate Signing Request Proxy for K8s forwards certificate signing requests generated by Kubernetes to [EJBCA](https://www.primekey.com/products/ejbca-enterprise/) for signing by a trusted enterprise certificate authority. The signer operates within the [K8s CertificateSigningRequests API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an [approver](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/certificates/approver).

---
## Get started

To get started with the EJBCA Certificate Signing Request (CSR) Proxy for K8s, see [Getting started](https://github.com/Keyfactor/ejbca-k8s-csr-signer/blob/main/docs/getting-started.md).

For more information on usage, configuration, and integration, see the following links:
* [Demo usage with Istio](docs/istio-deployment.markdown)
* [Runtime Customization](docs/annotations.markdown)
* [End Entity Name Selection](docs/endentitynamecustomization.markdown)
* [Testing](docs/testing.markdown)

<a href="https://kubernetes.io">
<img src="https://kubernetes.io/images/favicon.png" alt="Kubernetes logo" title="K8s" align="left" height="50" />
</a>
#### System Requirements

<a href="https://kubernetes.io">
<img src="https://helm.sh/img/helm.svg" alt="Helm logo" title="K8s" align="left" height="50" />
</a>
To run the EJBCA K8s CSR Signer container a system should fulfill these minimum requirements:

# EJBCA Certificate Signing Request Proxy for K8s
* CPU: 100m
* RAM: 128MB

## Migration from EJBCA CSR Signer v1.0 to v2.0

[![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-k8s-csr-signer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-k8s-csr-signer) [![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/keyfactor/ejbca-k8s-csr-signer?label=release)](https://github.com/keyfactor/ejbca-k8s-csr-signer/releases) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![license](https://img.shields.io/github/license/keyfactor/ejbca-k8s-csr-signer.svg)]()
The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.

The EJBCA Certificate Signing Request Proxy for K8s forwards certificate signing requests generated by Kubernetes to [EJBCA](https://www.primekey.com/products/ejbca-enterprise/) for signing by a trusted enterprise certificate authority. The signer operates within the [K8s CertificateSigningRequests API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an [approver](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/certificates/approver).
## Community Support
In the [Keyfactor Community](https://www.keyfactor.com/community/), we welcome contributions.

## Community supported
We welcome contributions.
The Community software is open-source and community-supported, meaning that **no SLA** is applicable.

The cert-manager external issuer for Keyfactor command is open source and community supported, meaning that there is **no SLA** applicable for these tools.
* To report a problem or suggest a new feature, go to [Issues](../../issues).
* If you want to contribute actual bug fixes or proposed enhancements, see the [Contributing Guidelines](CONTRIBUTING.md) and go to [Pull requests](../../pulls).

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, see the [contribution guidelines](https://github.com/Keyfactor/command-k8s-csr-signer/blob/main/CONTRIBUTING.md) and use the **[Pull requests](../../pulls)** tab.
## Commercial Support

## Migration from EJBCA CSR Signer v1.0 to v2.0
Commercial support is available for [EJBCA Enterprise](https://www.keyfactor.com/products/ejbca-enterprise/).

The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.
## License
For license information, see [LICENSE](LICENSE).

## Related Projects
See all [Keyfactor EJBCA GitHub projects](https://github.com/orgs/Keyfactor/repositories?q=ejbca).
## Documentation
* [Getting Started](docs/getting-started.markdown)
* Usage
Expand All @@ -56,4 +57,3 @@ The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 t
* [Testing](docs/testing.markdown)
* [License](LICENSE)


54 changes: 54 additions & 0 deletions README_NEW.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
<!--EJBCA Community logo -->
<a href="https://ejbca.org">
<img src="community-ejbca.png?raw=true)" alt="EJBCA logo" title="EJBCA" height="70" />
</a>
<!--EJBCA Enterprise logo -->
<a href="https://www.keyfactor.com/products/ejbca-enterprise/">
<img src="keyfactor-ejbca-enterprise.png?raw=true)" alt="EJBCA logo" title="EJBCA" height="70" />
</a>

# EJBCA Certificate Signing Request Proxy for K8s

[![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-k8s-csr-signer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-k8s-csr-signer) [![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/keyfactor/ejbca-k8s-csr-signer?label=release)](https://github.com/keyfactor/ejbca-k8s-csr-signer/releases) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![license](https://img.shields.io/github/license/keyfactor/ejbca-k8s-csr-signer.svg)]()

The EJBCA Certificate Signing Request Proxy for K8s forwards certificate signing requests generated by Kubernetes to [EJBCA](https://www.primekey.com/products/ejbca-enterprise/) for signing by a trusted enterprise certificate authority. The signer operates within the [K8s CertificateSigningRequests API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an [approver](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/certificates/approver).

## Get started

To get started with the EJBCA Certificate Signing Request (CSR) Proxy for K8s, see [Getting started](https://github.com/Keyfactor/ejbca-k8s-csr-signer/blob/main/docs/getting-started.md).

For more information on usage, configuration, and integration, see the following links:
* [Demo usage with Istio](docs/istio-deployment.markdown)
* [Runtime Customization](docs/annotations.markdown)
* [End Entity Name Selection](docs/endentitynamecustomization.markdown)
* [Testing](docs/testing.markdown)

#### System Requirements

To run the EJBCA K8s CSR Signer container a system should fulfill these minimum requirements:

* CPU: 100m
* RAM: 128MB

## Migration from EJBCA CSR Signer v1.0 to v2.0

The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.

## Community Support
In the [Keyfactor Community](https://www.keyfactor.com/community/), we welcome contributions.

The Community software is open-source and community-supported, meaning that **no SLA** is applicable.

* To report a problem or suggest a new feature, go to [Issues](../../issues).
* If you want to contribute actual bug fixes or proposed enhancements, see the [Contributing Guidelines](CONTRIBUTING.md) and go to [Pull requests](../../pulls).

## Commercial Support

Commercial support is available for [EJBCA Enterprise](https://www.keyfactor.com/products/ejbca-enterprise/).

## License
For license information, see [LICENSE](LICENSE).

## Related Projects
See all [Keyfactor EJBCA GitHub projects](https://github.com/orgs/Keyfactor/repositories?q=ejbca).

7 changes: 7 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Security Policy

To read our Security Policy, see [EJBCA Security Policy](https://github.com/Keyfactor/ejbca-ce/blob/main/SECURITY.md).

<!--- For SignServer: Use this text instead:
To read our Security Policy, see [SignServer Security Policy](https://github.com/Keyfactor/signserver-ce/blob/main/SECURITY.md).
--->
1 change: 1 addition & 0 deletions integration-manifest.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
"name": "ejbca-k8s-csr-signer",
"status": "production",
"link_github": true,
"update_catalog": true,
"platform_matrix": "linux/arm64,linux/amd64,linux/s390x,linux/ppc64le",
"description": "An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API",
"support_level": "kf-community",
Expand Down
54 changes: 37 additions & 17 deletions readme_source.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
<a href="https://kubernetes.io">
<img src="https://kubernetes.io/images/favicon.png" alt="Kubernetes logo" title="K8s" align="left" height="50" />
<!--EJBCA Community logo -->
<a href="https://ejbca.org">
<img src=".github/images/community-ejbca.png?raw=true)" alt="EJBCA logo" title="EJBCA" height="70" />
</a>

<a href="https://kubernetes.io">
<img src="https://helm.sh/img/helm.svg" alt="Helm logo" title="K8s" align="left" height="50" />
<!--EJBCA Enterprise logo -->
<a href="https://www.keyfactor.com/products/ejbca-enterprise/">
<img src=".github/images/keyfactor-ejbca-enterprise.png?raw=true)" alt="EJBCA logo" title="EJBCA" height="70" />
</a>

# EJBCA Certificate Signing Request Proxy for K8s
Expand All @@ -12,22 +13,41 @@

The EJBCA Certificate Signing Request Proxy for K8s forwards certificate signing requests generated by Kubernetes to [EJBCA](https://www.primekey.com/products/ejbca-enterprise/) for signing by a trusted enterprise certificate authority. The signer operates within the [K8s CertificateSigningRequests API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an [approver](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/certificates/approver).

## Community supported
We welcome contributions.
## Get started

To get started with the EJBCA Certificate Signing Request (CSR) Proxy for K8s, see [Getting started](https://github.com/Keyfactor/ejbca-k8s-csr-signer/blob/main/docs/getting-started.md).

For more information on usage, configuration, and integration, see the following links:
* [Demo usage with Istio](docs/istio-deployment.markdown)
* [Runtime Customization](docs/annotations.markdown)
* [End Entity Name Selection](docs/endentitynamecustomization.markdown)
* [Testing](docs/testing.markdown)

The cert-manager external issuer for Keyfactor command is open source and community supported, meaning that there is **no SLA** applicable for these tools.
#### System Requirements

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, see the [contribution guidelines](https://github.com/Keyfactor/command-k8s-csr-signer/blob/main/CONTRIBUTING.md) and use the **[Pull requests](../../pulls)** tab.
To run the EJBCA K8s CSR Signer container a system should fulfill these minimum requirements:

* CPU: 100m
* RAM: 128MB

## Migration from EJBCA CSR Signer v1.0 to v2.0

The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.

## Documentation
* [Getting Started](docs/getting-started.markdown)
* Usage
* [Demo usage with Istio](docs/istio-deployment.markdown)
* [Runtime Customization](docs/annotations.markdown)
* [End Entity Name Selection](docs/endentitynamecustomization.markdown)
* [Testing](docs/testing.markdown)
* [License](LICENSE)
## Community Support
In the [Keyfactor Community](https://www.keyfactor.com/community/), we welcome contributions.

The Community software is open-source and community-supported, meaning that **no SLA** is applicable.

* To report a problem or suggest a new feature, go to [Issues](../../issues).
* If you want to contribute actual bug fixes or proposed enhancements, see the [Contributing Guidelines](CONTRIBUTING.md) and go to [Pull requests](../../pulls).

## Commercial Support

Commercial support is available for [EJBCA Enterprise](https://www.keyfactor.com/products/ejbca-enterprise/).

## License
For license information, see [LICENSE](LICENSE).

## Related Projects
See all [Keyfactor EJBCA GitHub projects](https://github.com/orgs/Keyfactor/repositories?q=ejbca).

0 comments on commit ea97ba3

Please sign in to comment.