ImageRepository Client cert authentication (mTLS) + CA certificate #5

Open
rashedkvm opened this issue Jun 26, 2022 · 0 comments
rashedkvm commented Jun 26, 2022

ImageRepository Authentication via client certificate

For private repositories which require a certificate to authenticate,
the client certificate, private key, and the CA certificate (if self-signed), can be provided with:

spec:
  certSecretRef:
    name: regcert

The certSecretRef points to a Kubernetes secret in the same namespace as the ImageRepository:

kubectl create secret generic regcert \
  --from-file=certFile=client.crt \
  --from-file=keyFile=client.key \
  --from-file=caFile=ca.crt

Is your feature request related to a problem? Please describe
The current version of Source Controller does not support authenticating to a registry via a client certificate. Also, for the CA certificate, there is a single secret for the source. After gathering user feedback, such secrets with CA certificate data can be managed via ImageRepository resource definition. This is also consistent with Flux resource APIs.

Describe alternatives you've considered

Additional context

@rashedkvm rashedkvm added the enhancement New feature or request label Jun 26, 2022
@rashedkvm rashedkvm self-assigned this Jun 26, 2022
@rashedkvm rashedkvm changed the title Client cert authentication (mTLS) Client cert authentication (mTLS) + CA certificate Jul 6, 2022
@rashedkvm rashedkvm changed the title Client cert authentication (mTLS) + CA certificate ImageRepository Client cert authentication (mTLS) + CA certificate Jul 18, 2022
@rashedkvm rashedkvm transferred this issue from another repository Jan 30, 2023
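
Added example, not part of the issue and not Source Controller's code: one way a Go controller could turn the secret's certFile, keyFile and caFile entries into a client TLS configuration, rejecting a missing or mismatched key pair and an unparsable CA. The helper names tlsConfigFromSecret and selfSigned are hypothetical, and the certificate is a throwaway one constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// tlsConfigFromSecret (hypothetical) maps certFile, keyFile and caFile onto a client tls.Config.
func tlsConfigFromSecret(data map[string][]byte) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if len(data["certFile"])+len(data["keyFile"]) > 0 {
		pair, err := tls.X509KeyPair(data["certFile"], data["keyFile"]) // errors on a missing or mismatched half
		if err != nil {
			return nil, fmt.Errorf("client key pair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	if ca := data["caFile"]; len(ca) > 0 {
		pool := x509.NewCertPool() // trust only this CA; verification stays on
		if !pool.AppendCertsFromPEM(ca) {
			return nil, fmt.Errorf("caFile holds no PEM certificate")
		}
		cfg.RootCAs = pool
	}
	return cfg, nil
}

// selfSigned returns a constructed, throwaway certificate and key as PEM (sample input only).
func selfSigned() (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	crt, key := selfSigned() // caFile reuses crt: a self-signed cert is its own trust anchor
	_, err := tlsConfigFromSecret(map[string][]byte{"certFile": crt, "keyFile": key, "caFile": crt})
	fmt.Println("complete secret, error:", err)
	_, err = tlsConfigFromSecret(map[string][]byte{"certFile": crt})
	fmt.Println("certFile without keyFile, error:", err)
}
```

When caFile is absent the configuration falls back to the system trust store, so a secret that carries only the client pair still verifies the registry's certificate.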