Certificate management & usage #10

Open
11 tasks
ahrtr opened this issue Dec 9, 2024 · 0 comments

Comments

ahrtr (Member) commented Dec 9, 2024

Refer to the high-level design.

Tasks breakdown

  • Mount secrets into etcd PODs
    From the etcd POD's perspective, it doesn't care about how the secrets/certificates are generated; it just mounts the secret and uses the certificates directly.
    • Extend the CRD definition to include certificate, similar to Issue certifcates for etcd-operator #9 (comment)
    • Update reconciliation workflow to mount the secrets into etcd POD. Blocked by the reconciliation work.
    • Users are supposed to get the secrets/certificates prepared before creating etcd clusters. We need to clearly document this.
      • Users can manually create & manage the secrets & certificates themselves.
      • etcd-operator can try to implement some utilities to manage secrets & certificates (see next section)
  • etcd-operator supports certificate management
    • Define an interface, so that users can extend or integrate their own certificate service with the etcd-operator.
      • Note etcd-operator's priority is to simplify & automate the management of the etcd clusters instead of certificate management.
    • Implement some simple certificate management utilities for testing purposes,
      • i.e. supporting auto self-signed certificate.
    • Investigate some best practices & popular certificate issuers to handle certificate management, and decide the next step.