mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2024-12-14 11:57:51 +00:00
ee261b8288
cert-manager can be used to automate TLS certificate management for nfd-master and the nfd-worker pod(s). Add a template to deploy cert-manager CA Issuer and Certificates and document steps how to use them. Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
55 lines
1.1 KiB
Text
55 lines
1.1 KiB
Text
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: nfd-ca-key-pair
|
|
namespace: node-feature-discovery
|
|
data:
|
|
tls.key:
|
|
tls.crt:
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: nfd-ca-issuer
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
ca:
|
|
secretName: nfd-ca-key-pair
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: nfd-master-cert
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
secretName: nfd-master-cert
|
|
subject:
|
|
organizations:
|
|
- node-feature-discovery
|
|
commonName: nfd-master
|
|
dnsNames:
|
|
- nfd-master.node-feature-discovery.svc
|
|
- nfd-master.node-feature-discovery.svc.cluster.local
|
|
- nfd-master
|
|
issuerRef:
|
|
name: nfd-ca-issuer
|
|
kind: Issuer
|
|
group: cert-manager.io
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: nfd-workers-cert
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
secretName: nfd-worker-cert
|
|
subject:
|
|
organizations:
|
|
- node-feature-discovery
|
|
commonName: nfd-worker
|
|
dnsNames:
|
|
- nfd-worker.node-feature-discovery.svc.cluster.local
|
|
issuerRef:
|
|
name: nfd-ca-issuer
|
|
kind: Issuer
|
|
group: cert-manager.io
|