infra/kubernetes
1
0
Fork 0
Code Pull Requests 3 Activity

loki-ca: Add cert-manager issuer for Loki CA

Browse Source 
The Loki CA is used to issue client certificates for Grafana Loki.  This
_cert-manager_ ClusterIssuer will allow applications running in
Kubernetes (e.g. Grafana) to request a Certificate that they can use to
access the Loki HTTP API.
This commit is contained in:
Dustin
2024-02-20 09:17:37 -06:00
parent d08cc6fb0f
commit d4efb735bf
5 changed files with 80 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
loki-ca/README.md Normal file
View File

@@ -0,0 +1,24 @@
# Private CA for Grafana Loki Client Authentication
## Generate CA Key/Certificate
```sh
openssl genpkey -algorithm ED25519 -out loki-ca.key
openssl req -new -config openssl.cnf -key loki-ca.key -x509 -out loki-ca.crt -days 3653
```
## Create SealedSecret
```sh
kubectl create secret tls -n cert-manager loki-ca --cert loki-ca.crt --key loki-ca.key --dry-run=client -o yaml | kubeseal -o yaml > secrets.yaml
```
_Note_: the SealedSecret is stored in the _cert-manager_ namespace since it is
used by a ClusterIssuer.
## Deploy
```sh
kubectl apply -f .
```