2021-02-03 - ONAP: Enrolling X.509 certificates from CMPv2 server using K8s Cert-Manager
Topic Leader(s)
@Pawel Baniewski
@damian.nowak
Topic Overview
A presentation of ONAP specific add-on to K8s Cert-Manager which gives possibility to enroll X.509 certificates from CMPv2 servers
Slides & Recording
Minutes
Cert-Manager is commonly used as solution to enroll X.509 certificates to K8s workloads
Cert-Manager doesn't support CMPv2 protocol natively, but it supports idea of external issuers, which could extend Cert-Manager capabilities
Within ONAP Honolulu release Nokia implemented CMPv2 external issuer, which extends Cert-Manager with capability to enroll X.509 certificates from CMPv2 servers
Such integration uses already implemented CMPv2 CertService
Ingress resources can be integrated with Cert-Manager, so they have now also a capability to get certificates from CMPv2 servers
Istio Service Mesh integrates with Cert-Manager, so it has now also a capability to get certificates from CMPv2 servers