1 file changed +33 -1 lines changed
1- # CA Completer
1+ # Cert Completer
2+
3+ Cert Completer is a small Kubernetes operator that ensures that all TLS secrets
4+ have a valid ` ca.crt ` .
5+
6+ It addresses a specific issue with the (Let's Encrypt) ACME provider in
7+ [ cert-manager] ( https://github.com/jetstack/cert-manager ) , where certificates
8+ are lacking a CA in the ` ca.crt ` key of the generated secret. Although issues
9+ have been raised to fill the ` ca.crt `
10+ (see [ #2111 ] ( https://github.com/jetstack/cert-manager/issues/2111 ) and
11+ [ #1571 ] ( https://github.com/jetstack/cert-manager/issues/1571 ) ), it is not clear
12+ if and when these issues will be resolved. Cert Completer is an attempt to patch
13+ this issue immediately regardless of the cert-manager version.
14+
15+ To provide each TLS secret with a ` ca.crt ` , the operator parses the certificate
16+ chain in ` tls.crt ` . It uses the last (top-most) certificate in this chain for
17+ ` ca.crt ` . Although this does not guarantee that ` ca.crt ` contains a root CA, it
18+ does guarantee that the CA present is valid for the TLS secret.
19+
20+ ## Installation
21+
22+ Using pre-built resources:
23+ ``` bash
24+ kubectl apply -f https://raw.githubusercontent.com/erwinvaneyk/cert-completer/master/cert-completer.yaml
25+ ```
26+
27+ Using Kustomize (requires kubectl > 1.15):
28+ ``` bash
29+ kubectl apply -k github.com/erwinvaneyk/cert-completer//config/default
30+ ```
31+
32+ Clone and modify [ ./config/default/kustomization.yaml] for alternative,
33+ custom deployments.
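Review bot: The guarantee stated in added lines 15-18 ("it does guarantee that the CA present is valid for the TLS secret") is stronger than what the described behaviour supports, and the README should say what the operator actually checks. As written, the operator copies the last certificate in `tls.crt` into `ca.crt`; the text does not say what happens when `tls.crt` holds a single certificate (the last certificate is then the leaf itself), nor whether the operator verifies that the last certificate is a CA certificate and that the chain is ordered and each entry signs the one before it. Because `ca.crt` is derived from the same secret it is meant to validate, consumers that treat it as a trust anchor gain no independent check, and the README should state that limitation next to the "does not guarantee ... a root CA" caveat. Separately, the install command in added line 24 applies a manifest from the `master` branch, and line 29 uses an unpinned Kustomize reference; suggest pinning both to a release tag or commit so that what gets applied to the cluster is reproducible and reviewable. Minor: the link in added line 32, `[ ./config/default/kustomization.yaml]`, has no target.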