Implement certificate management #193

Closed
jhmarina opened this issue Oct 27, 2022 · 3 comments · Fixed by s3gw-tech/s3gw-charts#65
@jhmarina

What needs to be done

Implement certificate management.

Why it needs to be done

To allow accepting SSL connections.

Acceptance Criteria

Additional Information

@jhmarina jhmarina added the kind/quality Quality improvements, Refactoring, Automation via CI, E2E, Integration, CLI or REST API label Oct 27, 2022
@jhmarina jhmarina added this to S3GW Oct 27, 2022
@jhmarina jhmarina moved this to Backlog in S3GW Oct 27, 2022
@jhmarina jhmarina added this to the v1.0.0 milestone Nov 23, 2022
@giubacc

giubacc commented Nov 23, 2022

@m-ildefons I'm also making experiments with certificate management since it is a hot topic for the integration with Epinio.
Let's remember to coordinate before proposing PRs.

@giubacc giubacc self-assigned this Nov 23, 2022
@giubacc giubacc added kind/enhancement Change that positively impacts existing code area/kubernetes k8s and related and removed kind/quality Quality improvements, Refactoring, Automation via CI, E2E, Integration, CLI or REST API labels Nov 23, 2022
@giubacc

giubacc commented Nov 24, 2022

I suggest going with: https://cert-manager.io/
This is already used by the Epinio project and Rancher.

@Martin-Weiss

The helm chart should allow specifying the clusterIssuer or Issuer that should be used with the ingress so that the SSL certificates can be created and maintained automatically by cert-manager.

giubacc referenced this issue in giubacc/s3gw-charts Nov 25, 2022
Fixes: aquarist-labs/s3gw-tools#193
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
@giubacc giubacc moved this from Backlog to In Progress 🏗️ in S3GW Nov 29, 2022
giubacc referenced this issue in giubacc/s3gw-charts Nov 30, 2022
  - Ability to use an optional certificate manager: cert-manager,
    to automatically provision TLS certificates. When using such feature,
    cert-manager is a prerequisite.
  - Usage of cert-manager is enabled by default and can be controlled by
    the chart field:
    - useCertManager
  - The certificate manager will provision certificates for:
    - S3 service's ingress (public domain)
    - UI service's ingress (public domain)
    - S3 service's internal endpoint (Kubernetes private domain)
  - When installing a certificate manager, the user can choose between
    two predefined ClusterIssuer:
    - s3gw-ca
    - s3gw-letsencrypt
  - s3gw-ca can be used to generate self-signed certificates.
  - s3gw-letsencrypt should be used for production environments.
  - Please, note that when using a certificate manager, the s3gw-ca
    ClusterIssuer will be used for generating certificates for the S3 service's
    internal endpoint.
  - When the user chooses not to employ a certificate manager,
    TLS secrets must be filled manually. A series of fields
    have been added to the chart for this purpose:
    - tls.publicDomain.crt
    - tls.publicDomain.key
    - tls.privateDomain.crt
    - tls.privateDomain.key
    - tls.ui.publicDomain.crt
    - tls.ui.publicDomain.key
  - The user can choose a custom ClusterIssuer by setting the chart fields:
    - useCustomTlsIssuer and customTlsIssuer

Fixes: aquarist-labs/s3gw-tools#193
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
giubacc referenced this issue in giubacc/s3gw-charts Nov 30, 2022
  - Ability to use an optional certificate manager: cert-manager,
    to automatically provision TLS certificates. When using such feature,
    cert-manager is a prerequisite.
  - Usage of cert-manager is enabled by default and can be controlled by
    the chart field:
    - useCertManager
  - The certificate manager will provision certificates for:
    - S3 service's ingress (public domain)
    - UI service's ingress (public domain)
    - S3 service's internal endpoint (Kubernetes private domain)
  - When installing a certificate manager, the user can choose between
    two predefined ClusterIssuer:
    - s3gw-ca
    - s3gw-letsencrypt
  - s3gw-ca can be used to generate self-signed certificates.
  - s3gw-letsencrypt should be used for production environments.
  - Please, note that when using a certificate manager, the s3gw-ca
    ClusterIssuer will be used for generating certificates for the S3 service's
    internal endpoint.
  - When the user chooses not to employ a certificate manager,
    TLS secrets must be filled manually. A series of fields
    have been added to the chart for this purpose:
    - tls.publicDomain.crt
    - tls.publicDomain.key
    - tls.privateDomain.crt
    - tls.privateDomain.key
    - tls.ui.publicDomain.crt
    - tls.ui.publicDomain.key
  - The user can choose a custom ClusterIssuer by setting the chart fields:
    - useCustomTlsIssuer and customTlsIssuer
  - Removed configuration options superseded by the newly added variables:
    - `tls.crt`, `tls.key`
    - `ui.tls.crt`, `ui.tls.key`

Fixes: aquarist-labs/s3gw-tools#193
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
giubacc referenced this issue in giubacc/s3gw-charts Dec 5, 2022
  - Ability to use an optional certificate manager: cert-manager,
    to automatically provision TLS certificates. When using such feature,
    cert-manager is a prerequisite.
  - Usage of cert-manager is enabled by default and can be controlled by
    the chart field:
    - useCertManager
  - The certificate manager will provision certificates for:
    - S3 service's ingress (public domain)
    - UI service's ingress (public domain)
    - S3 service's internal endpoint (Kubernetes private domain)
  - When installing a certificate manager, the user can choose between
    two predefined ClusterIssuer:
    - s3gw-ca-issuer
    - s3gw-letsencrypt-issuer
  - s3gw-ca-issuer can be used to generate self-signed certificates.
  - s3gw-letsencrypt-issuer should be used for production environments.
  - Please, note that when using a certificate manager, s3gw-ca-issuer
    ClusterIssuer will be used for generating certificates for the S3 service's
    internal endpoint.
  - When the user chooses not to employ a certificate manager,
    TLS secrets must be filled manually. A series of fields
    have been added to the chart for this purpose:
    - tls.publicDomain.crt
    - tls.publicDomain.key
    - tls.privateDomain.crt
    - tls.privateDomain.key
    - tls.ui.publicDomain.crt
    - tls.ui.publicDomain.key
  - The user can choose a custom ClusterIssuer by setting the chart fields:
    - useCustomTlsIssuer and customTlsIssuer
  - Removed configuration options superseded by the newly added variables:
    - `tls.crt`, `tls.key`
    - `ui.tls.crt`, `ui.tls.key`

Fixes: aquarist-labs/s3gw-tools#193
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
giubacc referenced this issue in giubacc/s3gw-charts Dec 6, 2022
- Ability to use an optional certificate manager: cert-manager,
  to automatically provision TLS certificates. When using such feature,
  cert-manager installation is a prerequisite.
- Usage of cert-manager is enabled by default and can be disabled
  with the flag:
  - useCertManager
- cert-manager namespace can be set with the following chart field:
  - certManagerNamespace
- cert-manager will provision certificates for:
  - S3 service's ingress (public domain)
  - UI service's ingress (public domain)
  - S3 service's internal endpoint (Kubernetes private domain)
- When using cert-manager, the user can choose between
  two predefined ClusterIssuer:
  - s3gw-issuer
  - s3gw-letsencrypt-issuer
- s3gw-issuer can be used to generate self-signed certificates.
- s3gw-letsencrypt-issuer should be used for production environments.
- Please, note that when using a certificate manager, the s3gw-issuer
  ClusterIssuer will be used for generating certificates for the S3 service's
  internal endpoint.
- When the user chooses not to employ cert-manager,
  TLS secrets must be filled manually. The following fields
  have been added to the chart for this purpose:
  - tls.publicDomain.crt
  - tls.publicDomain.key
  - tls.privateDomain.crt
  - tls.privateDomain.key
  - tls.ui.publicDomain.crt
  - tls.ui.publicDomain.key
- The user can choose a custom ClusterIssuer by setting the following chart fields:
  - useCustomTlsIssuer and customTlsIssuer
- Configuration options superseded by the newly added variables:
  - tls.crt, tls.key
  - ui.tls.crt, ui.tls.key

Fixes: aquarist-labs/s3gw-tools#193
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
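
A pre-install check over the chart fields listed in the commit message above, as an added example that is not part of the s3gw chart or of this thread. It assumes the dotted field names map to nested keys in the values file and that the manual TLS fields hold PEM text or base64 of it; the lint rules and the sample values are this example's own.

```python
import base64
import binascii

# Chart field names as listed in the commit message on this page.
MANUAL_TLS_FIELDS = [
    "tls.publicDomain.crt", "tls.publicDomain.key",
    "tls.privateDomain.crt", "tls.privateDomain.key",
    "tls.ui.publicDomain.crt", "tls.ui.publicDomain.key",
]
SUPERSEDED_FIELDS = ["tls.crt", "tls.key", "ui.tls.crt", "ui.tls.key"]


def lookup(values, dotted):
    """Resolve 'a.b.c' in nested dicts; return None if any level is missing."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def as_text(value):
    """Return the raw value plus its base64-decoded form when it decodes
    cleanly (assumption: a field may hold PEM text or base64 of PEM)."""
    text = str(value)
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii", "ignore")
    except (binascii.Error, ValueError):
        decoded = ""
    return text + "\n" + decoded


def check_values(values):
    """Return a list of findings for a parsed values mapping."""
    findings = []
    use_cm = lookup(values, "useCertManager")
    use_cm = True if use_cm is None else bool(use_cm)  # enabled by default

    # Options the commit message lists as superseded by the new fields.
    for field in SUPERSEDED_FIELDS:
        if lookup(values, field):
            findings.append(f"{field}: superseded option, move it to the new tls fields")

    if use_cm:
        # cert-manager provisions the certificates, so key material in the
        # values file is unnecessary exposure (this example's own lint rule).
        for field in MANUAL_TLS_FIELDS:
            if lookup(values, field):
                findings.append(f"{field}: set although useCertManager is enabled")
        if lookup(values, "useCustomTlsIssuer") and not lookup(values, "customTlsIssuer"):
            findings.append("useCustomTlsIssuer is set but customTlsIssuer is empty")
    else:
        # Without cert-manager every TLS secret must be filled manually.
        for field in MANUAL_TLS_FIELDS:
            value = lookup(values, field)
            if not value:
                findings.append(f"{field}: required when useCertManager is disabled")
            elif field.endswith(".crt") and "PRIVATE KEY" in as_text(value):
                findings.append(f"{field}: holds private key material, expected a certificate")
    return findings


# Constructed sample: cert-manager disabled, a legacy option left behind, a
# private key pasted into a certificate field, and the UI pair missing.
SAMPLE_VALUES = {
    "useCertManager": False,
    "tls": {
        "crt": "(constructed legacy value)",
        "publicDomain": {
            "crt": base64.b64encode(b"-----BEGIN PRIVATE KEY-----\n(constructed)\n").decode(),
            "key": "(constructed key)",
        },
        "privateDomain": {"crt": "(constructed cert)", "key": "(constructed key)"},
    },
}

if __name__ == "__main__":
    for finding in check_values(SAMPLE_VALUES):
        print(finding)
```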
@giubacc giubacc moved this from In Progress 🏗️ to In Review 👀 in S3GW Dec 9, 2022
@giubacc giubacc assigned irq0 and unassigned irq0 Dec 9, 2022
Repository owner moved this from In Review 👀 to Done ✅ in S3GW Dec 19, 2022
m-ildefons referenced this issue in s3gw-tech/s3gw-charts Jan 4, 2023
m-ildefons pushed a commit to m-ildefons/s3gw that referenced this issue Feb 6, 2023
tools: Fix test container Dockerfile