VaultCertificate CRD
Example:
```yaml
apiVersion: xo.90poe.io/v1alpha1
kind: VaultCertificate
metadata:
  labels:
    app.kubernetes.io/name: vaultcertificate
    app.kubernetes.io/instance: vaultcertificate-sample
    app.kubernetes.io/part-of: vault-secrets-operator
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: vault-secrets-operator
  name: vaultcertificate-sample
spec:
  name: vcert-sec
  vault_pki_path: pki-mqtt
  key_type: rsa
  cn: test.example.com
  alt_names: ["*.example.com"]
  cert_ttl: 600
```
Spec
Amend the spec section according to your requirements.
Spec section:
| Settings | Type | Required | Notes |
|---|---|---|---|
| name | string | Yes | Name of Secret in K8S |
| vault_pki_path | string | Yes | Path of the PKI in Vault. |
| key_type | string | No | Type of private key. Can be: rsa, ec, ecdsa. Default 'rsa'. |
| key_length | uint | No | Key length in bits for an RSA certificate. Default 4096 |
| ecdsa_curve | string | No | Curve to use for ECDSA private key. Can be: p224,p256,p384,p521 |
| cn | string | Yes | CommonName of the TLS certificate |
| alt_names | []string | No | Alternative names of the TLS certificate. CN will be included if you don't add it yourself. |
| cert_ttl | int | No | TTL of certificate in seconds. Default: 86400 (24 hours) |
| type | string | Yes | Type of created secret in K8S. Default: kubernetes.io/tls |
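
A pre-apply lint for the settings table above, resolving the documented defaults and the CN-into-`alt_names` rule so the effective request can be reviewed before it reaches Vault. This is an added example, not the operator's own code. The function name, the exact-string CN comparison and applying the default for `type` are assumptions, and the inputs are constructed.

```python
# Added example: offline lint of a VaultCertificate spec against the settings table.
# Assumptions: defaults are applied as the table lists them (including `type`),
# and the CN is matched against alt_names by exact string comparison.
KEY_TYPES = ("rsa", "ec", "ecdsa")
CURVES = ("p224", "p256", "p384", "p521")
DEFAULTS = {"key_type": "rsa", "key_length": 4096, "cert_ttl": 86400,
            "type": "kubernetes.io/tls"}
REQUIRED = ("name", "vault_pki_path", "cn")


def effective_spec(spec):
    """Return (spec with the documented defaults applied, list of problems)."""
    problems = [f"{f}: required" for f in REQUIRED if not spec.get(f)]
    out = {**DEFAULTS, **spec}
    key_type = out["key_type"]
    if key_type not in KEY_TYPES:
        problems.append(f"key_type: {key_type!r} is not one of {KEY_TYPES}")
    elif key_type == "rsa":
        if "ecdsa_curve" in spec:
            problems.append("ecdsa_curve: set although key_type is rsa")
        if not isinstance(out["key_length"], int) or out["key_length"] <= 0:
            problems.append("key_length: must be a positive integer")
    else:
        out.pop("key_length")  # key_length is documented for RSA only
        if "key_length" in spec:
            problems.append(f"key_length: set although key_type is {key_type}")
        if "ecdsa_curve" in spec and spec["ecdsa_curve"] not in CURVES:
            problems.append(f"ecdsa_curve: {spec['ecdsa_curve']!r} is not one of {CURVES}")
    if not isinstance(out["cert_ttl"], int) or out["cert_ttl"] <= 0:
        problems.append("cert_ttl: must be a positive number of seconds")
    # The table says the CN is added to alt_names when the manifest omits it.
    names = list(out.get("alt_names") or [])
    if out.get("cn") and out["cn"] not in names:
        names.append(out["cn"])
    out["alt_names"] = names
    return out, problems


# Constructed inputs: the spec from the example above, and a deliberately bad one.
SAMPLE = {"name": "vcert-sec", "vault_pki_path": "pki-mqtt", "key_type": "rsa",
          "cn": "test.example.com", "alt_names": ["*.example.com"], "cert_ttl": 600}
BAD = {"name": "vcert-sec", "key_type": "ed25519", "cn": "test.example.com",
       "cert_ttl": 0}

if __name__ == "__main__":
    for label, spec in (("sample", SAMPLE), ("bad", BAD)):
        resolved, problems = effective_spec(spec)
        print(label, resolved, problems or "ok")
```

For the sample spec the resolved `alt_names` holds both the wildcard and `test.example.com`, which makes the breadth of the issued certificate explicit at review time.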