Files

Dustin C. Hatch d4efb735bf loki-ca: Add cert-manager issuer for Loki CA

The Loki CA is used to issue client certificates for Grafana Loki.  This
_cert-manager_ ClusterIssuer will allow applications running in
Kubernetes (e.g. Grafana) to request a Certificate that they can use to
access the Loki HTTP API.

2024-02-22 07:10:01 -06:00

loki-ca.crt

loki-ca: Add cert-manager issuer for Loki CA

2024-02-22 07:10:01 -06:00

loki-ca.yaml

loki-ca: Add cert-manager issuer for Loki CA

2024-02-22 07:10:01 -06:00

openssl.cnf

loki-ca: Add cert-manager issuer for Loki CA

2024-02-22 07:10:01 -06:00

README.md

loki-ca: Add cert-manager issuer for Loki CA

2024-02-22 07:10:01 -06:00

secrets.yaml

loki-ca: Add cert-manager issuer for Loki CA

2024-02-22 07:10:01 -06:00

README.md

Private CA for Grafana Loki Client Authentication

Generate CA Key/Certificate

openssl genpkey -algorithm ED25519 -out loki-ca.key
openssl req -new -config openssl.cnf -key loki-ca.key -x509 -out loki-ca.crt -days 3653

Create SealedSecret

kubectl create secret tls -n cert-manager loki-ca --cert loki-ca.crt --key loki-ca.key --dry-run=client -o yaml | kubeseal -o yaml > secrets.yaml

Note: the SealedSecret is stored in the cert-manager namespace since it is used by a ClusterIssuer.

Deploy

kubectl apply -f .