Deploy additional CAs with the autoTls backend #570

Open
siegfriedweber opened this issue Mar 6, 2025 · 0 comments
Description

It should be possible to deploy additional CAs with the autoTls backend.

If a company wants to use its own root certificate instead of the auto-generated one, an intermediate certificate can be given to the secret operator. Currently, the secret operator only provides this intermediate certificate in volume mounts. Tools, like kcat, which do not use this certificate as a trust anchor, additionally need the root certificate. Therefore, the SecretClass CRD should be extended to allow defining additional certificates, e.g.:

---
apiVersion: secrets.stackable.tech/v1alpha1
kind: SecretClass
metadata:
  name: tls-intermediate-cert
spec:
  backend:
    autoTls:
      ca:
        autoGenerate: false
        secret:
          name: intermediate-ca
          namespace: stackable-operators
      additionalTrustRoots:
        - secret:
            name: root-ca
            namespace: stackable-operators
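
The trust problem described above can be reproduced with a throwaway PKI. This is an added example, not part of the issue or of the secret operator's code. It assumes `openssl verify` with default settings as a stand-in for a client that accepts only a self-signed root as trust anchor; all certificate names and file paths are constructed.

```shell
#!/bin/sh
# Constructed throwaway PKI (all names made up): root -> intermediate -> leaf.
set -e
dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT

cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# csr NAME: create a new RSA key and a CSR with CN=NAME
csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$1" \
        -keyout "$dir/$1.key" -out "$dir/$1.csr" 2>/dev/null
}
# sign NAME ISSUER [x509 args]: ISSUER's key signs NAME's CSR
sign() {
    name=$1; issuer=$2; shift 2
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/$issuer.pem" \
        -CAkey "$dir/$issuer.key" -CAcreateserial -days 1 "$@" \
        -out "$dir/$name.pem" 2>/dev/null
}

csr root; csr intermediate; csr leaf
# Self-signed root, then an intermediate CA, then an end-entity certificate.
openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 1 \
    -extfile "$dir/ca.cnf" -extensions v3_ca -out "$dir/root.pem" 2>/dev/null
sign intermediate root -extfile "$dir/ca.cnf" -extensions v3_ca
sign leaf intermediate
cat "$dir/intermediate.pem" "$dir/root.pem" > "$dir/bundle.pem"

# verifies TRUST_FILE [verify args]: exit 0 if the leaf validates against TRUST_FILE
verifies() {
    trust=$1; shift
    openssl verify -CAfile "$trust" "$@" "$dir/leaf.pem" >/dev/null 2>&1
}

# Trust store with only the intermediate: the chain cannot reach a self-signed root.
verifies "$dir/intermediate.pem" && echo "intermediate only: OK" || echo "intermediate only: FAIL"
# Trust store with intermediate plus root: the chain terminates at the root.
verifies "$dir/bundle.pem" && echo "intermediate + root: OK" || echo "intermediate + root: FAIL"
# Client explicitly opts in to treating the intermediate as a trust anchor.
verifies "$dir/intermediate.pem" -partial_chain && echo "partial_chain: OK" || echo "partial_chain: FAIL"
```
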