internal certificate distribution? - eviltoast

How do you manage the distribution of internal TLS network certificates? I’m using cert-manager to generate them, but the root self-signed certificate expires monthly which makes distribution to devices outside of K8s a challenge. It’s a PITA to keep doing this for the tablet, laptop and phones. I can bump the root cert to a year, but I’m concerned that the date will sneak up on me. Are there any automated solutions?

  • johntash
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    If the operator doesn’t allow it for some reason, uninstall it and try with the helm chart instead?

    Or is there a reason to use the operator?

    • r0ertel@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      I think it may support it, but it’s not well documented. I’ll need to read up a bit. I started with helm charts but like how operators, um operate. They upgrade on their own and are very stable. Honestly, though, it was mostly because I wanted to learn how they work.