Merged
18 changes: 13 additions & 5 deletions docs/modules/secret-operator/pages/secretclass.adoc
Expand Up @@ -114,8 +114,11 @@ spec:
rsa:
length: 4096
additionalTrustRoots:
- configMap:
name: trust-roots-configmap
namespace: default
- secret:
name: trust-roots
name: trust-roots-secret
namespace: default
maxCertificateLifetime: 15d # optional
----
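
Review bot: The two `additionalTrustRoots` entries in this example both point at `namespace: default`, and the snippet gives no hint of what the referenced objects must contain. Since these certificates end up in the CA files and truststores of every consumer of the SecretClass, anyone who can write to `trust-roots-configmap` or `trust-roots-secret` effectively decides which roots those consumers trust. I would use a dedicated namespace in the example rather than `default`, and add a short comment on the entries saying that keys must end in `.crt` or `.der`, so the example can be read without the field reference further down.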
Expand All @@ -129,12 +132,17 @@ spec:
`autoTls.ca.keyGeneration`:: Configures how keys should be generated.
`autoTls.ca.keyGeneration.rsa`:: Declares that keys should be generated using the RSA algorithm.
`autoTls.ca.keyGeneration.rsa.length`:: The amount of bits used for generating the RSA key pair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits.
`additionalTrustRoots`:: Configures additional trust roots which are added to the CA files or truststores in the provisioned volume mounts.
`additionalTrustRoots.secret`::
Reference (`name` and `namespace`) to a K8s `Secret` object where the trusted certificates are stored.
`autoTls.additionalTrustRoots`:: Configures additional trust roots which are added to the CA files or truststores in the provisioned volume mounts.
`autoTls.additionalTrustRoots.configMap`::
Reference (`name` and `namespace`) to a K8s `ConfigMap` object where trusted certificates are stored.
The extension of a key defines its content:
* `.crt` denotes a stack of PEM (base64-encoded DER) certificates.
* `.der` denotes a binary DER certificate.
`autoTls.additionalTrustRoots.secret`::
Reference (`name` and `namespace`) to a K8s `Secret` object where trusted certificates are stored.
The extension of a key defines its content:
* `.crt` denotes a stack of PEM (base64-encoded DER) certificates.
* `.der` denotes a a binary DER certificates.
* `.der` denotes a binary DER certificate.
`autoTls.maxCertificateLifetime`:: Maximum lifetime the created certificates are allowed to have. In case consumers request a longer lifetime than allowed by this setting, the lifetime will be the minimum of both.

[#backend-certmanager]
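
Review bot: The `autoTls.additionalTrustRoots.configMap` entry lists `.der` as "a binary DER certificate", but a ConfigMap can only carry binary content under `binaryData`, not `data`; the text should say whether keys are read from both fields. The same paragraph, and the `secret` one that repeats it word for word, also leaves open what happens to a key with any other extension (ignored, or an error?), which matters for someone debugging a trust root that never shows up in the truststore. Stating the extension rules once and referring to them from both entries would keep the two lists from drifting apart, as the "a a binary DER certificates" wording being fixed here already did.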