Mariano Cano
@joaoantunes I don't know anything about IdentityServer4, and I don't really understand all the scope of what you're trying to do, but let me try to answer some of your...
Hi @etfeet, to be clear, are you asking for different SANs for each replica in a deployment resource?
We're a little confused here. Do you have a different service per pod (I really don't know how to do that in k8s)? Can you provide more information about your...
Right now each replica will have its own cert, so the traffic will be encrypted; the only thing is that the SAN will be the same. In any case, you're...
Sure it will, it makes sense to add POD_NAME, CLUSTER_DOMAIN, and NAMESPACE. I think I'll be able to push something tomorrow, but in the meantime, perhaps HOSTNAME might be useful.
Hi @etfeet, I've been testing this, and the problem with the pod name is that in a deployment it is usually blank; if this is blank, Kubernetes also defines the GeneratedName....
By default, we generate elliptic curve certificates, but if you integrate directly with the step-certificates instead of using autocert, you can get an RSA certificate signed. You can do it...
As you are not going to be able to interact with the command, you will need to split the command in two: ```sh TOKEN=$(step ca token --provisioner {provisioner-name} --password-file /var/run/secrets/password.txt...
@jack4it interesting approach, I'll bring this to our open-source triage meeting.
Hi @jack4it, after talking with the team, we don't think the `/token` endpoint is the right approach because it can be misused to generate a token for a totally different...