Topic Leader(s)
Topic Overview
A presentation of ONAP specific add-on to K8s Cert-Manager which gives possibility to enroll X.509 certificates from CMPv2 servers
Slides & Recording
Minutes
- Cert-Manager is commonly used as solution to enroll X.509 certificates to K8s workloads
- Cert-Manager doesn't support CMPv2 protocol natively, but it supports idea of external issuers, which could extend Cert-Manager capabilities
- Within ONAP Honolulu release Nokia implemented CMPv2 external issuer, which extends Cert-Manager with capability to enroll X.509 certificates from CMPv2 servers
- Such integration uses already implemented CMPv2 CertService
- Ingress resources can be integrated with Cert-Manager, so they have now also a capability to get certificates from CMPv2 servers
- Istio Service Mesh integrates with Cert-Manager, so it has now also a capability to get certificates from CMPv2 servers
Action Items
- Need to validate whole solution on K8 1.19