sshca: Configure user CA
SSHCA now supports issuing user certificates. It uses OpenID Connect to authenticate requests, and issues certificates based on the user's ID token.
This commit is contained in:
@@ -84,6 +84,12 @@ spec:
|
||||
- mountPath: /run/sshca/secrets/host/passphrase
|
||||
name: sshca-host-passphrase
|
||||
readOnly: true
|
||||
- mountPath: /run/sshca/secrets/user/key
|
||||
name: sshca-user-key
|
||||
readOnly: true
|
||||
- mountPath: /run/sshca/secrets/user/passphrase
|
||||
name: sshca-user-passphrase
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/sshca
|
||||
name: sshca-data
|
||||
readOnly: true
|
||||
@@ -108,6 +114,12 @@ spec:
|
||||
- name: sshca-libvirt-key
|
||||
secret:
|
||||
secretName: sshca-libvirt-sshkey
|
||||
- name: sshca-user-key
|
||||
secret:
|
||||
secretName: sshca-user-key
|
||||
- name: sshca-user-passphrase
|
||||
secret:
|
||||
secretName: sshca-user-passphrase
|
||||
- name: ssh-known-hosts
|
||||
configMap:
|
||||
name: ssh-known-hosts
|
||||
|
||||
Reference in New Issue
Block a user