cf-for-k8s icon indicating copy to clipboard operation
cf-for-k8s copied to clipboard

Published 20 hours ago verified publisher icon cloudfoundry

Platform engineers want cf-for-k8s to generate certificates automatically

Open Syerram opened this issue 4 years ago • 3 comments

Summary

This feature enables the generation of certificates in the cluster. With this feature, Platform engineers are relieved of manually passing a certificate or (or running the hack script). e.g. uaa-certs or ingress cert are examples of properties that take certs

Intended Outcome

It enhances the Platform engineer's experience and relieves them from generating or rotating certs in the future (see another Feature request on certs rotation).

What alternatives were considered

Users use a bosh-cli based hack script to generate the certs.

How will it work

Use the Quarks project to generate and rotate certs. In addition, Quarks can use Cert-manager to generate certs using a public CA provider.

Syerram avatar Aug 05 '20 05:08 Syerram

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/174184786

The labels on this github issue will be updated when the story is started.

cf-gitbot avatar Aug 05 '20 05:08 cf-gitbot

Hi there, I just wanted to query about the planned implementation for this. We already use cert-manager and manager our own certs. I would be concerned about cf-for-k8s not playing well with clusters that already use cert-manager (which will probably be many)

braunsonm avatar Nov 22 '20 04:11 braunsonm

Related: proposal gDoc from SAP. Custom Domains in cf-for-k8s

jamespollard8 avatar Jan 15 '21 00:01 jamespollard8