
benashz
Collaborator

@benashz benashz commented Jul 10, 2024

This PR automatically includes the issuing CA from Vault in the K8s secret data when the secret's type is kubernetes.io/tls. It also modifies the rendering behaviour by omitting any key that does not have a corresponding field in the Vault PKI data.

Sample k8s secret data:

apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0[...]
  tls.crt: LS0tLS1CRUdJTiB[...]
  tls.key: LS0tLS1CRUdJTiB[...]
  [...]
kind: Secret
metadata:
  creationTimestamp: "2024-07-10T15:01:33Z"
  labels:
    app.kubernetes.io/component: secret-sync
    app.kubernetes.io/managed-by: hashicorp-vso
    app.kubernetes.io/name: vault-secrets-operator
    secrets.hashicorp.com/vso-ownerRefUID: 6a1d7956-7c5f-4f19-b5fe-2b2cf5114508
  name: create-tls-create-0
  namespace: vps-6f3gryr35xf21hpf-app
  ownerReferences:
  - apiVersion: secrets.hashicorp.com/v1beta1
    kind: VaultPKISecret
    name: create-tls-create-0
    uid: 6a1d7956-7c5f-4f19-b5fe-2b2cf5114508
  resourceVersion: "58680"
  uid: aeeec1c0-4f62-4102-b58f-09f854efb5f0
type: kubernetes.io/tls
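The rendering rule described above (ca.crt from issuing_ca for kubernetes.io/tls Secrets, keys without a Vault field omitted) as an added example; it is not the operator's own code, and renderTLSSecretData, vaultPKIToSecretKey and the field-to-key mapping are assumptions made here:

```go
package main

import "fmt"

// secretTypeTLS is the Kubernetes Secret type for TLS certificate pairs.
const secretTypeTLS = "kubernetes.io/tls"

// vaultPKIToSecretKey maps Vault PKI issue-response fields to Secret data keys
// (field names are Vault's; the mapping is assumed for this example).
var vaultPKIToSecretKey = map[string]string{
	"certificate": "tls.crt",
	"private_key": "tls.key",
	"issuing_ca":  "ca.crt",
}

// renderTLSSecretData builds Secret data for a VaultPKISecret (hypothetical helper,
// not the operator's code): ca.crt is filled from issuing_ca only for kubernetes.io/tls
// Secrets, and a key whose Vault field is absent or empty is omitted, not rendered empty.
func renderTLSSecretData(secretType string, pki map[string]string) (map[string][]byte, error) {
	data := make(map[string][]byte)
	for field, key := range vaultPKIToSecretKey {
		if key == "ca.crt" && secretType != secretTypeTLS {
			continue
		}
		if v, ok := pki[field]; ok && v != "" {
			data[key] = []byte(v)
		}
	}
	// The API server rejects kubernetes.io/tls Secrets lacking tls.crt or
	// tls.key, so fail here rather than emit a Secret that cannot be applied.
	if secretType == secretTypeTLS {
		for _, req := range []string{"tls.crt", "tls.key"} {
			if _, ok := data[req]; !ok {
				return nil, fmt.Errorf("%s Secret is missing required key %q", secretType, req)
			}
		}
	}
	return data, nil
}

func main() {
	// Constructed Vault PKI issue response with placeholder PEM bodies.
	pki := map[string]string{
		"certificate": "-----BEGIN CERTIFICATE-----\nLEAF\n-----END CERTIFICATE-----\n",
		"private_key": "-----BEGIN PRIVATE KEY-----\nKEY\n-----END PRIVATE KEY-----\n",
		"issuing_ca":  "-----BEGIN CERTIFICATE-----\nCA\n-----END CERTIFICATE-----\n",
	}
	data, err := renderTLSSecretData(secretTypeTLS, pki)
	fmt.Println(len(data), err) // 3 <nil>: ca.crt, tls.crt and tls.key
}
```

Fields such as serial_number that have no Secret key are dropped, and an Opaque Secret never gets ca.crt auto-populated.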

@benashz benashz linked an issue Jul 10, 2024 that may be closed by this pull request
@benashz benashz marked this pull request as ready for review July 10, 2024 15:49
@benashz benashz requested a review from a team as a code owner July 10, 2024 15:49
@benashz benashz requested a review from tvoran July 10, 2024 15:49
@benashz benashz force-pushed the VAULT-28556/vps-add-ca-crt-for-tls-secret-type branch from f107a2d to 94130a4 July 10, 2024 16:03
@benashz benashz added this to the v0.8.0 milestone Jul 10, 2024
@benashz benashz merged commit 1cf4961 into main Jul 10, 2024
@benashz benashz deleted the VAULT-28556/vps-add-ca-crt-for-tls-secret-type branch July 10, 2024 17:38
Successfully merging this pull request may close these issues.

[VaultPKISecret] Populate ca.crt from the vault issuing_ca