The Loki CA is used to issue client certificates for Grafana Loki. This _cert-manager_ ClusterIssuer will allow applications running in Kubernetes (e.g. Grafana) to request a Certificate that they can use to access the Loki HTTP API.

- README.md
- loki-ca.crt
- loki-ca.yaml
- openssl.cnf
- secrets.yaml

README.md

# Private CA for Grafana Loki Client Authentication

## Generate CA Key/Certificate

```sh
openssl genpkey -algorithm ED25519 -out loki-ca.key
openssl req -new -config openssl.cnf -key loki-ca.key -x509 -out loki-ca.crt -days 3653
```

## Create SealedSecret

```sh
kubectl create secret tls -n cert-manager loki-ca --cert loki-ca.crt --key loki-ca.key --dry-run=client -o yaml | kubeseal -o yaml > secrets.yaml
```

Note: the SealedSecret is stored in the `cert-manager` namespace since it is used by a ClusterIssuer.

## Deploy

```sh
kubectl apply -f .
```
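
To show how the pieces fit together, here is an added example (not the repository's `loki-ca.yaml`) of a CA ClusterIssuer backed by the `loki-ca` Secret and a client-authentication Certificate that an application such as Grafana could request. The issuer name, the `grafana` namespace, the Certificate and Secret names, the common name, and the lifetimes are assumptions.

```yaml
# Added example. Only the Secret name "loki-ca" in the cert-manager
# namespace comes from the README; every other name is an assumption.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: loki-ca              # assumed issuer name
spec:
  ca:
    # A ClusterIssuer reads its CA Secret from cert-manager's cluster
    # resource namespace, which is why the SealedSecret is created there.
    secretName: loki-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: grafana-loki-client  # assumed name
  namespace: grafana         # assumed application namespace
spec:
  secretName: grafana-loki-client-tls  # assumed; mounted by the client
  commonName: grafana        # assumed client identity
  duration: 2160h            # assumed: 90-day leaf lifetime
  renewBefore: 360h          # assumed: renew 15 days before expiry
  privateKey:
    algorithm: Ed25519       # matches the CA key type; adjust if the client's TLS stack lacks Ed25519 support
  usages:
    - client auth            # restrict the leaf to TLS client authentication
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: loki-ca
```

Limiting `usages` to `client auth` keeps certificates from this CA from being accepted as server certificates, and only `secrets.yaml` (the sealed form) belongs in version control, not the plaintext `loki-ca.key`.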