Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate management & usage #10

Open
11 tasks
ahrtr opened this issue Dec 9, 2024 · 3 comments
Open
11 tasks

Certificate management & usage #10

ahrtr opened this issue Dec 9, 2024 · 3 comments
Assignees
Labels
enhancement New feature or request
Milestone

Comments

@ahrtr
Copy link
Member

ahrtr commented Dec 9, 2024

Refer to the high level design.

Tasks breakdown

  • Mount secrets into etcd PODs
    From etcd POD perspective, it doesn't care about how the secrets/certificates are generated, it just mounts the secret and use the certificates directly.
    • Extend the CRD definition to include certificate, similar to Issue certifcates for etcd-operator #9 (comment)
    • Update reconciliation workflow to mount the secrets into etcd POD. Blocked by the reconciliation work.
    • Users are supposed to get the secretes/certificates prepared before creating etcd clusters. We need to clearly document this.
      • Users can manually create & manage the secrets & certificates themselves.
      • etcd-operator can try to implement some utilities to manage secrets & certificates (see next section)
  • etcd-operator supports certificate management
    • Define an interface, so that users can extend or integrate their own certificate service with the etcd-operator.
      • Note etcd-operator's priority is to simplify & automate the management of the etcd clusters instead of certificate management.
    • Implement some simple certificate management utilities for testing purpose,
      • i.e. supporting auto self-signed certificate.
    • Investigate some best practice & popular certificate issuers to handle certificate management, and decide the next step.
@ahrtr ahrtr added the enhancement New feature or request label Jan 6, 2025
@ahrtr
Copy link
Member Author

ahrtr commented Jan 11, 2025

The PR #17 has been merged.

Also I don't think this task is blocked even the PR #17 isn't merged. We can implement some utilities on certificate management and expose some API for the reconciliation workflow to call. Eventually we can integrate with the reconciliation process.

@gdasson
Copy link
Contributor

gdasson commented Jan 12, 2025

@ahrtr : Can you please assign me? I'll start working on it from next week. Thanks.

@ahrtr
Copy link
Member Author

ahrtr commented Jan 12, 2025

Thanks @gdasson . Previously @ArkaSaha30 was working on this task. But since there isn't much progress so far, we don't have much time to wait, so assigned this task to both of you.

@ahrtr ahrtr added this to the v0.1.0 milestone Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants