Giter VIP home page Giter VIP logo

cert-manager-acme-httphook's Introduction

Certificates for your private Kubernetes

Build and Test License Open Issues Closed Issues Open Pull Requests Closed Pull Requests Latest Release Docker Pulls

cert-manager-acme-httphook provides a Kubernetes operator to hook into cert-manager. That hook is used to enable issuing certificates for a private Kubernetes cluster.

cert-manager automates management and issuance of TLS certificates from various issuing sources. Among those sources are certificate authorities (CAs) that implement the ACME protocol. Whenever cert-manager needs to order a new certificate from such an issuer, it creates a ACME http-01 challenge object with the challenge information provided by the CA. The default behavior of cert-manager is to present an http-01 challenge to the CA via an ingress. However, this does not work, when the the ingress is not reachable from the CA.

cert-manager-acme-httphook watches for challenge objects in Kubernetes and uploads challenges to a public SFTP server, so that they can be verified by the CA.

Prerequisites

Imagine, that you want to get certificates for services that you run on a Kubernetes cluster in a private network. If the names of your services are managed in a DNS that you control, that is publicly visible and for which there is a cert-manager supported or out of tree DNS provider, then you can use that DNS provider to request certificates for your services and you are done.

If you have control over the DNS, but not in a supported way (e.g. because you can only manage the DNS via a web UI), then you may still be able to use cert-manager-acme-httphook to present ACME HTTP01 challenges on a public HTTP server.

Scenario

We use the following scenario:

  • You own a domain name, let's say example.com.
  • You want to dedicate a subdomain home.example.com to your internal systems.
  • You want to secure services like myservice.home.example.com with certificates.
  • You have an SFTP server sftp.example.com through which you can upload and delete content for myservice.home.example.com.

What you need

You need credentials for your SFTP server.

Note:

You could use the credentials that you also use to upload other content for your website. If you can however, you should set up a separate SFTP account that is only used by the cert-manager-acme-httphook and that only has access to the content that it needs to access.

Note:

Currently the only credentials supported by cert-manager-acme-httphook are username and password. Private keys are currently not supported.

Preparation

TODO

Installation

TODO

Configuration

TODO

Quick Links

TODO

Logo

Certificate by Adrien Coquet from the Noun Project

cert-manager-acme-httphook's People

Contributors

dependabot[bot] avatar mpoettgen avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Forkers

luis-sousa-pinto

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.