TLSConfig resource

This section describes the TLSConfig resource used in Mirantis Container Cloud API for all supported providers. This resource is used to configure TLS certificates for cluster applications.

Warning

The kubectl apply command automatically saves the applied data as plain text into the kubectl.kubernetes.io/last-applied-configuration annotation of the corresponding object. This may result in revealing sensitive data in this annotation when creating or modifying the object.

Therefore, do not use kubectl apply on this object. Use kubectl create, kubectl patch, or kubectl edit instead.

If you used kubectl apply on this object, you can remove the kubectl.kubernetes.io/last-applied-configuration annotation from the object using kubectl edit.

The Container Cloud TLSConfig CR contains the following fields:

apiVersion
  API version of the object that is kaas.mirantis.com/v1alpha1.
kind
  Object type that is TLSConfig.
metadata
  The metadata object field of the TLSConfig resource contains the following fields:
  name
    Name of the public key.
  namespace
    Project where the TLS certificate is created.
spec
  The spec object field contains the configuration to apply for an application. It contains the following fields:
  serverName
    Host name of a server.
  serverCertificate
    Certificate to authenticate server’s identity to a client. A valid certificate bundle can be passed. The server certificate must be on the top of the chain.
  privateKey
    Reference to the Secret object that contains a private key. A private key is a key for the server. It must correspond to the public key used in the server certificate.
    key
      Key name in the secret.
    name
      Secret name.
  caCertificate
    Certificate that issued the server certificate. The top-most intermediate certificate should be used if a CA certificate is unavailable.

Configuration example:
apiVersion: kaas.mirantis.com/v1alpha1
kind: TLSConfig
metadata:
  namespace: default
  name: keycloak
spec:
  caCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0...
  privateKey:
    secret:
      key: value
      name: keycloak-s7mcj
  serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0...
  serverName: keycloak.mirantis.com
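
The constraints stated for the spec fields (server certificate on the top of the bundle, private key corresponding to that certificate, caCertificate as the issuer, serverName as the host name) can be checked with openssl before the values are placed in the manifest. The script below is an added example, not part of the Mirantis documentation. Assumptions: the function name check_tls_material, the script name and the file arguments are placeholders of this example, and the inputs are the PEM files that get base64-encoded into the manifest (the example values above begin with the base64 of -----BEGIN CERTIFICATE-----).

```shell
#!/bin/sh
# Added example: pre-flight check of the TLS material for a TLSConfig object.
# Usage: sh check.sh <server-bundle.pem> <private-key.pem> <ca.pem> <serverName>
# The script name, function name and file arguments are placeholders.

check_tls_material() {
    bundle=$1 key=$2 ca=$3 host=$4

    # openssl x509 reads only the first certificate in a file, so comparing its
    # public key with the private key also proves that the server certificate
    # is on the top of the chain.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match the first certificate in $bundle" >&2
        return 1
    fi

    # -checkhost reports its verdict as text, so match on the output.
    if ! openssl x509 -in "$bundle" -noout -checkhost "$host" 2>&1 |
            grep -q 'does match'; then
        echo "FAIL: server certificate is not valid for $host" >&2
        return 1
    fi

    # -partial_chain lets the top-most intermediate act as the trust anchor
    # when the root CA certificate is unavailable. The bundle is also passed
    # as -untrusted so any intermediates it carries are used to build the path.
    if ! openssl verify -partial_chain -CAfile "$ca" -untrusted "$bundle" \
            "$bundle" >/dev/null 2>&1; then
        echo "FAIL: $ca does not anchor a chain to the server certificate" >&2
        return 1
    fi

    echo "OK: key, chain order, issuer and serverName are consistent"
}

# Run the check only when the four arguments are supplied.
if [ "$#" -eq 4 ]; then
    check_tls_material "$@"
fi
```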