Comments (2)
Hey @porwalameet I am not too familiar with Azure services, but in your example you are specifying a CA issuer.
Is this because you have your own privately managed CA, just stored in Azure Key Vault?
Or are you issuing from an Azure service?
I was just wondering if you used another issuer type, it might pull the CA back for you, like the Vault issuer.
Also, although it does not solve your problem, have you considered using trust-manager to distribute your CA?
from cert-manager.
@hawksight, I have my privately managed CA, which is stored in Azure Key Vault. Since the CA certificate (+key) is highly sensitive data, copying it to multiple Kubernetes clusters in form of kubernetes cluster will raise security concerns. So I was wondering, can cert-manager issue a certificate without expecting it in a k8s secret?
We are using Azure Key Vault just as storage here.
I will explore trust-manager as well and get back. Thanks.