Is there a way to specify the domain #150

Open
vishrantgupta opened this issue Jul 21, 2023 · 4 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/backlog Higher priority than priority/awaiting-more-evidence.

Comments

vishrantgupta commented Jul 21, 2023

I am looking for a way to create the Bundle with the domain in order to create the PEM

```yaml
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: trust-bundle
  namespace: default
spec:
  sources:
  - domain: https://example.com           # <-- expecting the trust manager to pull the PEM by domain
  target:
    configMap:
      key: trust.pem
```
@hawksight
Member

There currently is no mechanism to pull in the CA from a target, whether that be an external bucket, webpage, GitHub or looking it up from a domain name. Trust manager focuses on the distribution of trust. If it was to start pulling trust from sources, it opens up the possibility of those sources being compromised and that being automatically propagated around your cluster.

You would have to manually get the CA from that domain and add it in cluster (as a secret or configmap) to the namespace where trust-manager is installed.

I have had a similar idea but based on my previous discussions you would be better off writing a Job or CronJob to go and fetch the CA you wanted and then populate the secret or configmap accordingly.

@inteon inteon added the priority/backlog Higher priority than priority/awaiting-more-evidence. label Aug 29, 2024
Member

inteon commented Aug 29, 2024

Pulling from target indeed seems a bit dangerous.
You might want to look into creating a cronjob to pull certificates, e.g. from a trusted URL?
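
As an added example (not code from this thread or from the trust-manager project), the gate a fetching Job or CronJob could run before it writes anything into the cluster: every certificate in the fetched PEM must match a pinned SHA-256 fingerprint, otherwise no ConfigMap manifest is produced. The ConfigMap name `fetched-ca`, the `cert-manager` namespace and the sample byte strings are assumptions made for illustration; fetching the PEM and applying the manifest are left to the Job.

```python
import base64, hashlib, json, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 (hex) over each certificate's DER bytes, in file order."""
    ders = (base64.b64decode("".join(b.split()), validate=True)
            for b in PEM_RE.findall(pem_text))
    return [hashlib.sha256(d).hexdigest() for d in ders]

def gate_bundle(pem_text, pinned, name, namespace, key="trust.pem"):
    """Return a ConfigMap manifest only if every fetched cert is pinned."""
    found = fingerprints(pem_text)
    if not found:
        raise ValueError("no certificates in fetched data")
    unexpected = [fp for fp in found if fp not in pinned]
    if unexpected:
        raise ValueError("unpinned certificate(s): " + ", ".join(unexpected))
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": name, "namespace": namespace},
            "data": {key: pem_text}}

def armor(der):
    """Wrap raw bytes in PEM armor (used only to build the sample input)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER bytes; not real certificates.
SAMPLE_CA = b"constructed-ca-der-bytes"
SAMPLE_ROGUE = b"constructed-unexpected-ca"
PINNED = {hashlib.sha256(SAMPLE_CA).hexdigest()}

if __name__ == "__main__":
    # Hypothetical names; the namespace is wherever trust-manager is installed.
    cm = gate_bundle(armor(SAMPLE_CA), PINNED, "fetched-ca", "cert-manager")
    print(json.dumps(cm, indent=2))
    try:
        gate_bundle(armor(SAMPLE_CA) + armor(SAMPLE_ROGUE), PINNED,
                    "fetched-ca", "cert-manager")
    except ValueError as err:
        print("refused:", err)
```

With this gate in place, a CA that changes at the source URL makes the Job fail instead of being propagated around the cluster; updating the pinned set stays a manual, reviewed step.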

@cert-manager-prow cert-manager-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 27, 2024
@cert-manager-prow cert-manager-prow bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Dec 27, 2024