Hi, I want to use client encryption in Cassandra and implement it via cert-manager + k8ssandra-operator. I create a certificate via cert-manager and enable the following options
Then cert-manager adds the keys keystore.jks/truststore.jks to the secret ssl-test-jks-keystore. I use this secret in the k8ssandraCluster spec to define my keystore/truststore via the clientEncryptionStores section. But k8ssandra-operator and cert-manager hard-code the key names in the secret: k8ssandra-operator expects keystore, truststore, but cert-manager uses keystore.jks, truststore.jks.
Could you change the default constants to match cert-manager's default keys, or make the key names configurable?
The second problem is that keystore-password is also hard-coded and expected in the same secret as the keystore, while cert-manager stores it in a different secret: the password secret is managed by the user, the keystore secret is managed by cert-manager. According to the above code, the keystore will be in the ssl-test-jks-keystore secret and the password will be in the jks-password secret.
Could you extend the encryption.Store API to handle these cases and change the defaults to match cert-manager (or add native support for cert-manager via Certificate resources instead of Secret)?
┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: K8SSAND-1828
┆priority: Medium
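
The lookup the issue asks for, written as an added example (not k8ssandra-operator or cert-manager code): each store entry can point at its own Secret and key, with the operator's current key names as the defaults. `KeyRef`, `StoreRefs`, `Secrets` and `Resolve` are hypothetical names, the Secret data is constructed, and the `password` key inside `jks-password` is an assumption.

```go
package main

import "fmt"

// KeyRef (hypothetical) names one key of one Secret; empty fields fall back to defaults.
type KeyRef struct{ Secret, Key string }

// StoreRefs (hypothetical) overrides where each piece of a JKS store is read from.
type StoreRefs struct{ Keystore, Truststore, Password KeyRef }

// Secrets maps Secret name -> data; it stands in for a Kubernetes client.
type Secrets map[string]map[string][]byte

// lookup applies defaults, then fails closed on a missing or empty value.
func lookup(s Secrets, ref KeyRef, defSecret, defKey string) ([]byte, error) {
	if ref.Secret == "" {
		ref.Secret = defSecret
	}
	if ref.Key == "" {
		ref.Key = defKey
	}
	v := s[ref.Secret][ref.Key]
	if len(v) == 0 {
		return nil, fmt.Errorf("secret %q has no usable key %q", ref.Secret, ref.Key)
	}
	return v, nil
}

// Resolve returns [keystore, truststore, password]; defaults are the key names
// the issue says the operator expects, all inside storeSecret.
func Resolve(s Secrets, storeSecret string, r StoreRefs) (out [3][]byte, err error) {
	refs := [3]KeyRef{r.Keystore, r.Truststore, r.Password}
	for i, def := range [3]string{"keystore", "truststore", "keystore-password"} {
		if out[i], err = lookup(s, refs[i], storeSecret, def); err != nil {
			return [3][]byte{}, err
		}
	}
	return out, nil
}

func main() {
	// Constructed Secrets in the layout the issue describes; the "password" key name is an assumption.
	s := Secrets{"ssl-test-jks-keystore": {"keystore.jks": []byte("KS"), "truststore.jks": []byte("TS")},
		"jks-password": {"password": []byte("changeit")}}
	_, err := Resolve(s, "ssl-test-jks-keystore", StoreRefs{})
	fmt.Println("hard-coded key names:", err)
	refs := StoreRefs{KeyRef{Key: "keystore.jks"}, KeyRef{Key: "truststore.jks"}, KeyRef{"jks-password", "password"}}
	_, err = Resolve(s, "ssl-test-jks-keystore", refs)
	fmt.Println("configured key names:", err)
}
```

With the defaults, the cert-manager layout fails on the first missing key; with the references set, all three values resolve while the password stays in the user-managed Secret.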
sync-by-unitobot changed the title from "Make keystore-password, keystore, trustore keys in secret configurable" to "K8SSAND-1828 ⁃ Make keystore-password, keystore, trustore keys in secret configurable" on Oct 14, 2022
https://github.com/cert-manager/cert-manager/blob/2db62c21c337cb5af3ea9dce1cbc0b69cfc7c509/pkg/controller/certificates/issuing/internal/keystore.go#L46
https://github.com/k8ssandra/k8ssandra-operator/blob/32c4fcfdebc5b28b9c731bca8ada9ab79e3910a8/pkg/encryption/encryption_stores.go#L30