newrelic / k8s-webhook-cert-manager

Licence: Apache-2.0 license
Generate certificate suitable for use with any Kubernetes Mutating Webhook.

Programming Languages

shell
77523 projects
Makefile
30231 projects
Dockerfile
14818 projects

Projects that are alternatives of or similar to k8s-webhook-cert-manager

k8s-metadata-injection
Kubernetes metadata injection for New Relic APM to make a linkage between APM and Infrastructure data.
Stars: ✭ 19 (-67.8%)
Mutual labels:  newrelic, fsi, admission-webhook
win-ca
Get Windows System Root certificates
Stars: ✭ 78 (+32.2%)
Mutual labels:  tls, tls-certificate
cassler
🕷️ 🕷️ 🕷️ Validate SSL Certificates around web
Stars: ✭ 55 (-6.78%)
Mutual labels:  tls, tls-certificate
crlite
WebPKI-level Certificate Revocation via Multi-Level Bloom Filter Cascade
Stars: ✭ 52 (-11.86%)
Mutual labels:  tls, tls-certificate
helm-certgen
Helm plugin for generation of TLS certificates
Stars: ✭ 15 (-74.58%)
Mutual labels:  tls, tls-certificate
acmed
ACME (RFC 8555) client daemon
Stars: ✭ 121 (+105.08%)
Mutual labels:  tls, tls-certificate
insecure
Secure your dev servers, insecurely!
Stars: ✭ 41 (-30.51%)
Mutual labels:  tls, tls-certificate
private-tls-cert
A simple Terraform module to generate self-signed TLS certificates for private use
Stars: ✭ 36 (-38.98%)
Mutual labels:  tls, tls-certificate
Certmagic
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
Stars: ✭ 3,864 (+6449.15%)
Mutual labels:  tls, tls-certificate
cryptonice
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+54.24%)
Mutual labels:  tls, tls-certificate
aks-letsencrypt
Guide to setup Let's Encrypt on AKS
Stars: ✭ 87 (+47.46%)
Mutual labels:  tls-certificate
pagesigner-cli
Run PageSigner from the command line
Stars: ✭ 31 (-47.46%)
Mutual labels:  tls
SimpleSockets
Asynchronous TCP .NET library with reliable transmission and receipt of data, with an ssl implementation.
Stars: ✭ 74 (+25.42%)
Mutual labels:  tls
contruno
A TLS termination proxy as a MirageOS
Stars: ✭ 13 (-77.97%)
Mutual labels:  tls
python-mbedtls
Cryptographic library with an mbed TLS back end
Stars: ✭ 64 (+8.47%)
Mutual labels:  tls
node-dns-over-tls
DNS-over-TLS API for Node.js
Stars: ✭ 18 (-69.49%)
Mutual labels:  tls
idris2-tls
A portable idris2 implementation of TLS
Stars: ✭ 25 (-57.63%)
Mutual labels:  tls
caddy-tlsconsul
🔒 Consul K/V storage for Caddy Web Server / Certmagic TLS data
Stars: ✭ 89 (+50.85%)
Mutual labels:  tls-certificate
nr1-status-pages
NR1 Status Pages allows you to collect and display the statuses of key dependencies in one place.
Stars: ✭ 31 (-47.46%)
Mutual labels:  newrelic
PageSigner
Client for the TLSNotary protocol (Chromium extension).
Stars: ✭ 63 (+6.78%)
Mutual labels:  tls

Kubernetes Webhook Certificate Manager

Script to generate a certificate suitable for use with any Kubernetes Mutating or Validating Webhook.

To be able to execute the script in a Kubernetes cluster, it's released as a Docker image and can be executed, for instance, as a Kubernetes Job.

This is a detailed list of steps the script is executing:

  • Generate a server key.
  • If there is any previous CSR (certificate signing request) for this key, it is deleted.
  • Generate a CSR for that key.
  • The signature of the key is then approved.
  • The server's certificate is fetched from the CSR and then encoded.
  • A secret of type tls is created with the server certificate and key.
  • The k8s extension api server's CA bundle is fetched.
  • The mutating webhook configuration for the webhook server is patched with the k8s api server's CA bundle from the previous step. This CA bundle will be used by the k8s extension api server when calling our webhook.
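
A way to sanity-check the outcome of these steps, as an added example that is not part of the project's script: the serving certificate must chain to the CA bundle, match its private key, and carry the service DNS name as a SAN. The names demo-webhook and demo-ns and the throwaway CA are constructed so the checks run offline with openssl; in a cluster the inputs would be the secret's tls.crt and tls.key and the CA bundle patched into the webhook configuration.

```shell
#!/bin/sh
# Added example; demo-webhook, demo-ns and the throwaway CA are constructed.

# DNS names under which the API server can address a webhook Service.
webhook_dns_names() {   # $1=service  $2=namespace
  printf '%s\n' "$1" "$1.$2" "$1.$2.svc"
}

# 0 if the cert lists DNS:<name> in subjectAltName. The CN is ignored on
# purpose: Go's TLS stack (used by the API server) matches SANs only.
cert_has_san() {        # $1=cert.pem  $2=dns-name
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# 0 if the cert chains to the CA bundle (the role caBundle plays).
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }  # $1=ca $2=cert

# 0 if private key and certificate hold the same public key.
key_matches_cert() {    # $1=key.pem  $2=cert.pem
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Demo only: throwaway CA plus a CA-signed serving cert in directory $1.
make_demo_pki() {       # $1=dir  $2=service  $3=namespace
  sans=$(webhook_dns_names "$2" "$3" | sed 's/^/DNS:/' | paste -s -d, -)
  printf 'subjectAltName=%s\n' "$sans" > "$1/san.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-ca' \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2.$3.svc" \
    -keyout "$1/tls.key" -out "$1/tls.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/tls.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/tls.crt" 2>/dev/null
}

# Run all checks; print the first failure and return non-zero, else "ok".
check_webhook_cert() {  # $1=dir  $2=service  $3=namespace
  cert_chains_to "$1/ca.crt" "$1/tls.crt" || { echo "not signed by CA"; return 1; }
  key_matches_cert "$1/tls.key" "$1/tls.crt" || { echo "key mismatch"; return 1; }
  cert_has_san "$1/tls.crt" "$2.$3.svc" || { echo "missing SAN"; return 1; }
  echo ok
}

# Usage: sh this-file demo
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && make_demo_pki "$d" demo-webhook demo-ns &&
    check_webhook_cert "$d" demo-webhook demo-ns; rm -rf "$d"
fi
```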

If you wish to learn more about TLS certificate management inside Kubernetes, check out the official documentation for Managing TLS Certificate in a Cluster.

Usage example

The script expects multiple mandatory arguments. This is an example:

./generate_certificate.sh --service ${WEBHOOK_SERVICE_NAME} \
  --webhook ${WEBHOOK_NAME} \
  --secret ${SECRET_NAME} \
  --namespace ${WEBHOOK_NAMESPACE}

Development setup

This script is designed to run in Kubernetes clusters. For development purposes, we recommend using Minikube.

Support

Should you need assistance with New Relic products, you are in good hands with several support diagnostic tools and support channels.

This troubleshooting framework steps you through common troubleshooting questions.

New Relic offers NRDiag, a client-side diagnostic utility that automatically detects common problems with New Relic agents. If NRDiag detects a problem, it suggests troubleshooting steps. NRDiag can also automatically attach troubleshooting data to a New Relic Support ticket.

If the issue has been confirmed as a bug or is a feature request, file a GitHub issue.

Support Channels

Privacy

At New Relic we take your privacy and the security of your information seriously, and are committed to protecting your information. We must emphasize the importance of not sharing personal data in public forums, and ask all users to scrub logs and diagnostic information for sensitive information, whether personal, proprietary, or otherwise.

We define “Personal Data” as any information relating to an identified or identifiable individual, including, for example, your name, phone number, post code or zip code, Device ID, IP address, and email address.

For more information, review New Relic’s General Data Privacy Notice.

Contribute

We encourage your contributions to improve this project! Keep in mind that when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. You only have to sign the CLA one time per project.

If you have any questions, or to execute our corporate CLA (which is required if your contribution is on behalf of a company), drop us an email at [email protected].

A note about vulnerabilities

As noted in our security policy, New Relic is committed to the privacy and security of our customers and their data. We believe that providing coordinated disclosure by security researchers and engaging with the security community are important means to achieve our security goals.

If you believe you have found a security vulnerability in this project or any of New Relic's products or websites, we welcome and greatly appreciate you reporting it to New Relic through HackerOne.

If you would like to contribute to this project, review these guidelines.

To all contributors, we thank you! Without your contribution, this project would not be what it is today.

License

This project is licensed under the Apache 2.0 License.
