Migrate aggregated APIService TLS from hardcoded Secret to cert-manager#447

Open: alexandernorth wants to merge 3 commits into main from feature/cert-manager-supported-certs

@alexandernorth

Contributor

Replaces #76.

Summary

Replace the hardcoded api-server-cert Secret with a cert-manager-issued cert chain following the SelfSigned bootstrapping pattern. Removes insecureSkipTLSVerify: true on the APIService. caBundle is now populated by cainjector from the CA Certificate.

Chain: selfsigned-cluster-issuer -> sdc-ca (CA) -> sdc-ca-issuer -> api-server-cert (mounted by the api-server Deployment, same Secret name as before).

Prerequisites

  • cert-manager installed (tested with v1.20.2) with cainjector Ready.
  • See artifacts/certmanager/install.md.
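
The chain described in the summary above, sketched as manifests. This is an added example, not the manifests from this PR: the four resource names come from the description, while the upper-case placeholders (NAMESPACE, SERVICE_NAME, GROUP, VERSION), the choice of a namespaced Issuer, the CA Secret name and the priority values are assumptions.

```yaml
# Added example: SelfSigned bootstrap chain for an aggregated APIService.
# Upper-case tokens are placeholders, not values from the PR.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cluster-issuer
spec:
  selfSigned: {}                  # only used to mint the CA below
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata: {name: sdc-ca, namespace: NAMESPACE}
spec:
  isCA: true
  commonName: sdc-ca
  secretName: sdc-ca              # assumed Secret name for the CA key pair
  issuerRef: {name: selfsigned-cluster-issuer, kind: ClusterIssuer, group: cert-manager.io}
---
apiVersion: cert-manager.io/v1
kind: Issuer                      # assumption: namespaced Issuer, not ClusterIssuer
metadata: {name: sdc-ca-issuer, namespace: NAMESPACE}
spec:
  ca:
    secretName: sdc-ca            # signs leaf certs with the CA key pair
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata: {name: api-server-cert, namespace: NAMESPACE}
spec:
  secretName: api-server-cert     # same Secret name the Deployment already mounts
  dnsNames:
    - SERVICE_NAME.NAMESPACE.svc  # the name kube-apiserver verifies against
  usages: [server auth]
  issuerRef: {name: sdc-ca-issuer, kind: Issuer, group: cert-manager.io}
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: VERSION.GROUP
  annotations:
    cert-manager.io/inject-ca-from: NAMESPACE/sdc-ca   # cainjector fills spec.caBundle
spec:
  group: GROUP
  version: VERSION
  groupPriorityMinimum: 1000      # assumed value
  versionPriority: 15             # assumed value
  service: {name: SERVICE_NAME, namespace: NAMESPACE}
  # insecureSkipTLSVerify: true   # old setting; cannot be combined with caBundle
```

If cainjector is not Ready, `spec.caBundle` stays empty and the APIService reports as unavailable, which is why the prerequisite above calls it out.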

@alexandernorth alexandernorth requested a review from a team as a code owner May 19, 2026 15:33
@github-project-automation github-project-automation Bot moved this to Backlog in SDC project May 19, 2026
@alexandernorth alexandernorth moved this from Backlog to In review in SDC project May 19, 2026
Comment thread artifacts/certmanager/install.md
@steiler steiler added the safe to test Apply this label for PRs to kick off CI integration testing label Jun 15, 2026
Labels

safe to test Apply this label for PRs to kick off CI integration testing

Projects

Status: In review

2 participants