Spec requirements on certificate secrets #74

Closed
jpeach opened this issue Feb 11, 2020 · 10 comments

@jpeach
Contributor

jpeach commented Feb 11, 2020

There are a number of interoperability questions about the use of secrets to store TLS keys and certificates. It may be helpful to have consolidated language to address these.

  • If it is a TypedLocalReference, what kinds must an implementation support?
  • Is the secret type required (e.g. v1.SecretTypeTLS)?
    • If so, spec required types for server and client certificates, keys and CA bundles
  • Can secret data have multiple keys?
  • Are any specific secret data keys required?
  • What secret data formats must be supported? Only PEM?
  • Are multiple items allowed in a single secret data value (i.e. multiple PEM blocks)?
  • How can items be combined (e.g. is it OK to have key, cert and CA bundle all in one secret)?

There may be existing certificate specs that we can incorporate by reference; we could also choose to punt this issue to implementations.

@jpeach jpeach added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 11, 2020
@bowei
Contributor

bowei commented Feb 13, 2020

For sure supported:

  1. Kubernetes Secrets, as used today by Ingress V1; let's take what are the current requirements from that and pull it here. This is easy for users to interoperate with and we have a solid basis to go from.

It's a typed ref for extension to other systems. The easiest thing to do here is to make anything else Support: custom and put this into the backlog.
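
Added example, not part of the thread or of the project's code: a sketch of the checks an implementation could run on an Ingress-style TLS Secret to settle the questions in the opening post (secret type, required data keys, PEM-only data, multiple or mixed PEM blocks in one value). The `kubernetes.io/tls` type with `tls.crt` and `tls.key` is the assumed layout; `CheckTLSSecret`, `pemTypes` and `block` are hypothetical names, and the sample data is constructed.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
)

// pemTypes lists each PEM block type in b; trailing reports leftover non-PEM bytes.
func pemTypes(b []byte) (types []string, trailing bool) {
	for {
		blk, rest := pem.Decode(b)
		if blk == nil {
			return types, len(bytes.TrimSpace(rest)) > 0
		}
		types, b = append(types, blk.Type), rest
	}
}

// CheckTLSSecret (hypothetical helper) lists problems with a Secret's type and data.
// Assumption: the conventional kubernetes.io/tls layout with tls.crt and tls.key.
func CheckTLSSecret(secretType string, data map[string][]byte) []string {
	var problems []string
	if secretType != "kubernetes.io/tls" {
		problems = append(problems, "type is "+secretType+", want kubernetes.io/tls")
	}
	for _, key := range []string{"tls.crt", "tls.key"} {
		val, ok := data[key]
		types, trailing := pemTypes(val)
		if !ok {
			problems = append(problems, "missing data key "+key)
		} else if len(types) == 0 || trailing {
			problems = append(problems, key+" is not purely PEM")
		}
		for _, t := range types { // certificates belong in tls.crt, nothing else does
			if (key == "tls.crt") != (t == "CERTIFICATE") {
				problems = append(problems, key+" contains a "+t+" block")
			}
		}
	}
	return problems
}

// block builds a constructed PEM block: framing only, the body is not real DER.
func block(t string) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: []byte("x")}) }

func main() {
	crt := append(block("CERTIFICATE"), block("PRIVATE KEY")...) // cert and key in one value
	fmt.Println(CheckTLSSecret("Opaque", map[string][]byte{"tls.crt": crt}))
}
```

The check inspects PEM framing only; it does not parse the certificate or confirm that the key matches it.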

@youngnick
Contributor

/assign @youngnick

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 3, 2020
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 3, 2020
@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jpeach
Contributor Author

jpeach commented Aug 2, 2020

/reopen
/remove-lifecycle rotten

@k8s-ci-robot
Contributor

@jpeach: Reopened this issue.

In response to this:

/reopen
/remove-lifecycle rotten

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot reopened this Aug 2, 2020
@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Aug 2, 2020
@hbagdi
Contributor

hbagdi commented Sep 24, 2020

I believe this is all documented in Go doc comments. Is it safe to close this?

@robscott
Member

I believe so as well, feel free to reopen if not.
