[Feature Request] generate TLS certificates using cert-manager by luismacosta · Pull Request #663 · temporalio/helm-charts · GitHub

[Feature Request] generate TLS certificates using cert-manager #663


Open. luismacosta wants to merge 20 commits into base: main

@luismacosta (Contributor) commented Mar 11, 2025

What was changed

Add certificates.yaml + secret.yaml to templates
Add README.md

Why?

generate certificates using cert-manager

How was this tested

  • Deployed cert-manager helm-chart
  • Deployed temporal helm chart, 0.57.0, using temporal/charts/temporal/tests/certificates.yaml as values.yaml, with my own tls.crt + tls.key

Cert-manager will:

  • Use the temporal-issuer (which refers to the CA).
  • Ask the CA (from the tls-certs secret) to sign a new certificate.
  • Create the temporal-tls-certs secret in the same namespace — this secret will contain:
    • tls.crt: the signed certificate
    • tls.key: the private key
    • Optionally, ca.crt: the CA certificate (if configured)

➜  ~ kubectl get secret -n temporal

NAME                          TYPE                   DATA       AGE
temporal-tls-certs            kubernetes.io/tls      3          3h38m
tls-certs                     Opaque                 2          153m


➜  ~ kubectl get certificate  -n temporal

NAME                READY          SECRET                       AGE
temporal-cert       True           temporal-tls-certs           5h35m


➜  ~ kubectl get certificaterequests  -n temporal-data

NAME              APPROVED   DENIED   READY   ISSUER            REQUESTER                                                                      AGE
temporal-cert-1   True                True    temporal-issuer   system:serviceaccount:cert-manager:test-cert-manager  5h

@robholland Can you please review? Thanks
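
Added example, not part of the pull request or its templates: a minimal pair of cert-manager resources matching the flow described in the comment above, using the resource names from the PR description. The namespace, DNS names, lifetimes and key settings are assumptions.

```yaml
# Added illustration; not the templates from this pull request.
# Resource names come from the PR description; the namespace, DNS names,
# lifetimes and key parameters below are assumed values.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: temporal-issuer
  namespace: temporal
spec:
  ca:
    # Secret holding the CA's tls.crt and tls.key. Anyone who can read it can
    # mint certificates this deployment trusts, so restrict RBAC on it.
    secretName: tls-certs
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: temporal-cert
  namespace: temporal
spec:
  # cert-manager writes tls.crt, tls.key and, for a CA issuer, ca.crt here.
  secretName: temporal-tls-certs
  issuerRef:
    name: temporal-issuer
    kind: Issuer
    group: cert-manager.io
  commonName: temporal-frontend.temporal.svc.cluster.local  # assumed
  dnsNames:                                                  # assumed service names
    - temporal-frontend
    - temporal-frontend.temporal.svc.cluster.local
  duration: 2160h     # 90 days (assumed)
  renewBefore: 360h   # renew 15 days before expiry (assumed)
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always  # generate a fresh key on every renewal
  usages:
    - server auth
    - client auth  # both usages so the same certificate can serve mTLS peers
```

A CA `Issuer` is namespaced, so the `tls-certs` secret must live in the same namespace as the `Issuer` and the `Certificate`.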

Signed-off-by: luis.costa <luis.costa@talkdesk.com>
@luismacosta luismacosta changed the title generate certificates using cert-manager [helm-charts] generate certificates using cert-manager Mar 16, 2025
@luismacosta luismacosta changed the title [helm-charts] generate certificates using cert-manager [Feature Request] generate certificates using cert-manager Mar 16, 2025
@luismacosta luismacosta changed the title [Feature Request] generate certificates using cert-manager [Feature Request] generate TLS certificates using cert-manager Mar 16, 2025
@tomwheeler (Contributor) left a comment

I have no prior experience with cert-manager, and while I was able to deploy that into Kubernetes, it will take me some time to read through its documentation and learn how to generate certificates. As I was waiting on my deployment to come online, I read through the code and found a few typos, for which I have provided suggestions.

I'll need to do a more detailed review, but these typos will need to be fixed so I wanted to point them out now.

luismacosta and others added 5 commits April 8, 2025 09:14
Co-authored-by: Tom Wheeler <tom@temporal.io>
@luismacosta luismacosta requested a review from tomwheeler April 8, 2025 08:21
@luismacosta (Contributor Author) commented

> I have no prior experience with cert-manager, and while I was able to deploy that into Kubernetes, it will take me some time to read through its documentation and learn how to generate certificates. As I was waiting on my deployment to come online, I read through the code and found a few typos, for which I have provided suggestions.
>
> I'll need to do a more detailed review, but these typos will need to be fixed so I wanted to point them out now.

Thanks, Tom.
Typos corrected.
