starlingx/docs
Code Issues Proposed changes
Files
99b62b3308dc76da43a832030d9b4239dd04978b
docs/doc/source/usertasks/kubernetes/issuers-in-distributed-cloud-fbc035675c0f.rst
Elisamara Aoki Goncalves 99b62b3308 Doc improvements in Certificate Management 
Fixed text formatting issues.

Fixed title, added reference and added subheading to page.

Removed extra space in code-block.

Created new topics properly and fixed acronyms and formatting issues.

Fixed code-block issues.

Added extra bullet in External CA and Ingress Controller Example.

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I8923a91745f41e75a09c1642776cf6d0275f31f3
2021-10-22 11:15:21 -03:00

2.1 KiB
Raw Blame History

Issuers in Distributed Cloud

In a Distributed Cloud environment, end-users applications have a number of options for the cert-manager ISSUERs they use:

  • (Recommended) As part of your application deployment on each subcloud, create a cert-manager ISSUER for the External that you wish to use for signing your certificates.
    • The External -type ISSUER is configured exactly the same way for each of your application deployments on each subcloud, and
    • Your external clients need only trust a single External s public certificate.
  • As part of your application deployment on each subcloud, create a local internal RootCA ca ISSUER for signing your certificates.
    • The local internal RootCA ca ISSUER should ideally be slightly different (e.g. a unique subject) on each deployment, and
    • Your external clients need to trust each application deployments (on each subcloud) local internal RootCA public certificate.
    • This option is not ideal since this could mean 100s of RootCA Certificates.