You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

Topic Leader(s)

Topic Overview

A presentation of ONAP specific add-on to K8s Cert-Manager which gives possibility to enroll X.509 certificates from CMPv2 servers

Slides & Recording


2021-02-03 - ONAP_Enrolling X.509 certificates from CMPv2 server using K8s Cert-Manager.mp4

Minutes

  • Cert-Manager is commonly used as solution to enroll X.509 certificates to K8s workloads
  • Cert-Manager doesn't support CMPv2 protocol natively, but it supports idea of external issuers, which could extend Cert-Manager capabilities
  • Within ONAP Honolulu release Nokia implemented CMPv2 external issuer, which extends Cert-Manager with capability to enroll X.509 certificates from CMPv2 servers
    • Such integration uses already implemented CMPv2 CertService
  • Istio Service Mesh integrates with Cert-Manager, so it has now also a capability to get certificates from CMPv2 servers


Action Items

  • Need to validate whole solution on K81 1.19
  • No labels