Dustin C. Hatch
d4efb735bf
The Loki CA is used to issue client certificates for Grafana Loki. This _cert-manager_ ClusterIssuer will allow applications running in Kubernetes (e.g. Grafana) to request a Certificate that they can use to access the Loki HTTP API.
25 lines
563 B
Markdown
25 lines
563 B
Markdown
# Private CA for Grafana Loki Client Authentication
|
|
|
|
## Generate CA Key/Certificate
|
|
|
|
```sh
|
|
openssl genpkey -algorithm ED25519 -out loki-ca.key
|
|
openssl req -new -config openssl.cnf -key loki-ca.key -x509 -out loki-ca.crt -days 3653
|
|
```
|
|
|
|
## Create SealedSecret
|
|
|
|
```sh
|
|
kubectl create secret tls -n cert-manager loki-ca --cert loki-ca.crt --key loki-ca.key --dry-run=client -o yaml | kubeseal -o yaml > secrets.yaml
|
|
```
|
|
|
|
_Note_: the SealedSecret is stored in the _cert-manager_ namespace since it is
|
|
used by a ClusterIssuer.
|
|
|
|
|
|
## Deploy
|
|
|
|
```sh
|
|
kubectl apply -f .
|
|
```
|