  • Language
    Go
  • License
    Apache License 2.0

Tools to help with self signed cert generation for Kubernetes test environment

Kubernetes webhook certificate generator and patcher

Overview

Generates a CA and leaf certificate with a long (100y) expiration, then patches Kubernetes Admission Webhooks by setting the caBundle field with the generated CA. It can optionally patch the hooks' failurePolicy setting, which is useful in cases where a single Helm chart needs to provision resources and hooks at the same time as patching.

The utility works in two parts, optimized to work better with the Helm provisioning process that leverages pre-install and post-install hooks to execute this as a Kubernetes job.
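The following added example (not the project's own code) sketches the certificate side of the process described above: a self-signed CA, a leaf whose SANs come from a comma-separated host list like the one `--host` accepts, and a validity passed in as a parameter. `GenerateChain`, the subject names, the sample hosts and the choice of Ed25519 keys are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// GenerateChain (hypothetical helper) returns [CA, leaf]; the leaf's SANs come from a comma-separated host list.
func GenerateChain(hosts string, validity time.Duration) ([]*x509.Certificate, error) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	leafPub, _, err := ed25519.GenerateKey(rand.Reader) // leaf key discarded: only chain validation is shown
	if err != nil {
		return nil, err
	}
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(validity), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "example-leaf"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(validity), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	for _, h := range strings.Split(hosts, ",") { // IP literals become IP SANs, everything else DNS SANs
		if ip := net.ParseIP(strings.TrimSpace(h)); ip != nil {
			leafT.IPAddresses = append(leafT.IPAddresses, ip)
		} else {
			leafT.DNSNames = append(leafT.DNSNames, strings.TrimSpace(h))
		}
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caKey) // self-signed CA
	if err != nil {
		return nil, err
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafT, caT, leafPub, caKey) // leaf signed by the CA key
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificates(append(caDER, leafDER...))
}

func main() {
	chain, err := GenerateChain("webhook.default.svc,10.0.0.1", 100*365*24*time.Hour)
	fmt.Println("certificates:", len(chain), "error:", err)
}
```

The first certificate returned plays the role of the value written to caBundle: a client that trusts only that CA accepts the leaf for the listed hosts and rejects any other name. With a 100-year validity nothing expires to force rotation, so replacing the CA is a deliberate operation.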

Security Considerations

This tool may not be adequate in all security environments. If a more complete solution is required, you may want to seek alternatives such as jetstack/cert-manager.

Command line options

Use this to create a ca and signed certificates and patch admission webhooks to allow for quick
                   installation and configuration of validating and admission webhooks.

Usage:
  kube-webhook-certgen [flags]
  kube-webhook-certgen [command]

Available Commands:
  create      Generate a ca and server cert+key and store the results in a secret 'secret-name' in 'namespace'
  help        Help about any command
  patch       Patch a validatingwebhookconfiguration and mutatingwebhookconfiguration 'webhook-name' by using the ca from 'secret-name' in 'namespace'
  version     Prints the CLI version information

Flags:
  -h, --help                help for kube-webhook-certgen
      --kubeconfig string   Path to kubeconfig file: e.g. ~/.kube/kind-config-kind
      --log-format string   Log format: text|json (default "text")
      --log-level string    Log level: panic|fatal|error|warn|info|debug|trace (default "info")

Create

Generate a ca and server cert+key and store the results in a secret 'secret-name' in 'namespace'

Usage:
  kube-webhook-certgen create [flags]

Flags:
      --cert-name string     Name of cert file in the secret (default "cert")
  -h, --help                 help for create
      --host string          Comma-separated hostnames and IPs to generate a certificate for
      --key-name string      Name of key file in the secret (default "key")
      --namespace string     Namespace of the secret where certificate information will be written
      --secret-name string   Name of the secret where certificate information will be written

Global Flags:
      --kubeconfig string   Path to kubeconfig file: e.g. ~/.kube/kind-config-kind
      --log-format string   Log format: text|json (default "json")
      --log-level string    Log level: panic|fatal|error|warn|info|debug|trace (default "info")

Patch

Patch a validatingwebhookconfiguration and mutatingwebhookconfiguration 'webhook-name' by using the ca from 'secret-name' in 'namespace'

Usage:
  kube-webhook-certgen patch [flags]

Flags:
  -h, --help                          help for patch
      --namespace string              Namespace of the secret where certificate information will be read from
      --patch-failure-policy string   If set, patch the webhooks with this failure policy. Valid options are Ignore or Fail
      --patch-mutating                If true, patch mutatingwebhookconfiguration (default true)
      --patch-validating              If true, patch validatingwebhookconfiguration (default true)
      --secret-name string            Name of the secret where certificate information will be read from
      --webhook-name string           Name of validatingwebhookconfiguration and mutatingwebhookconfiguration that will be updated

Global Flags:
      --kubeconfig string   Path to kubeconfig file: e.g. ~/.kube/kind-config-kind
      --log-format string   Log format: text|json (default "text")
      --log-level string    Log level: panic|fatal|error|warn|info|debug|trace (default "info")
