hscloud

hswaw

hscloud

mirror of https://gerrit.hackerspace.pl/hscloud

Fork 2

Commit Graph

Author	SHA1	Message	Date
q3k	3a6d67e0c4	cluster/prodvider: rewrite against x509 lib for ed25519 support This gets rid of cfssl for the kubernetes bits of prodvider, instead using plain crypto/x509. This also allows to support our new fancy ED25519 CA. Change-Id: If677b3f4523014f56ea802b87499d1c0eb6d92e9 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1489 Reviewed-by: q3k <q3k@hackerspace.pl>	2023-03-31 22:53:59 +00:00
q3k	f0acf16564	prodvider: use SANs in service certificates This fixes compatibility with prodaccess tools built with Go 1.15, which introduced 'X.509 CommonName deprecation' [1]. [1] - https://golang.org/doc/go1.15#commonname Change-Id: I228cde3e5651a3e36f527783f2ccb4a2f6b7a8e3	2020-10-03 14:56:35 +00:00
q3k	b13b7ffcdb	prod{access,vider}: implement Prodaccess/Prodvider allow issuing short-lived certificates for all SSO users to access the kubernetes cluster. Currently, all users get a personal-$username namespace in which they have adminitrative rights. Otherwise, they get no access. In addition, we define a static CRB to allow some admins access to everything. In the future, this will be more granular. We also update relevant documentation. Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153	2019-08-30 23:08:18 +02:00

Author

SHA1

Message

Date

q3k

3a6d67e0c4

cluster/prodvider: rewrite against x509 lib for ed25519 support

This gets rid of cfssl for the kubernetes bits of prodvider, instead
using plain crypto/x509. This also allows to support our new fancy
ED25519 CA.

Change-Id: If677b3f4523014f56ea802b87499d1c0eb6d92e9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1489
Reviewed-by: q3k <q3k@hackerspace.pl>

2023-03-31 22:53:59 +00:00

q3k

f0acf16564

prodvider: use SANs in service certificates

This fixes compatibility with prodaccess tools built with Go 1.15, which
introduced 'X.509 CommonName deprecation' [1].

[1] - https://golang.org/doc/go1.15#commonname

Change-Id: I228cde3e5651a3e36f527783f2ccb4a2f6b7a8e3

2020-10-03 14:56:35 +00:00

q3k

b13b7ffcdb

prod{access,vider}: implement

Prodaccess/Prodvider allow issuing short-lived certificates for all SSO
users to access the kubernetes cluster.

Currently, all users get a personal-$username namespace in which they
have adminitrative rights. Otherwise, they get no access.

In addition, we define a static CRB to allow some admins access to
everything. In the future, this will be more granular.

We also update relevant documentation.

Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153

2019-08-30 23:08:18 +02:00

3 Commits (bdf2defc07fe4c35c639905fef98e9b087ae4927)