-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self signed issuer #228
base: master
Are you sure you want to change the base?
Self signed issuer #228
Conversation
Skipping CI for Draft Pull Request. |
f60c915
to
9c51ce4
Compare
9c51ce4
to
4f9cd53
Compare
4f9cd53
to
b226841
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution.
I have some requests for improvement:
- duration should also be handled by CA and ACME issuers
- creating a CA certificate with
.spec.csr
does not yet work correctly
b8ef76c
to
4d2ac6f
Compare
4d2ac6f
to
3a42098
Compare
3a42098
to
da5537b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found some nits.
4aa16d9
to
3d49116
Compare
/test all |
Co-authored-by: Martin Weindel <martin.weindel@sap.com>
3d49116
to
32bd917
Compare
What this PR does / why we need it:
Create a self signed certificate was already possible using a CA issuer. Using this approach you need to manually create a self-signed certificate using
openssl
, create a secret out of it and reference this secret in your CA issuer.To simplify this manual process a new issuer of type
selfSigned
is created, which creates a self signed certificate.In addition two additional features are added:
duration
(lifetime of the certificate). This field may be ignored by the issuer (especially Let's encrypt)csr
is now possible with issuers of typeselfSigned
andca
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Release note: