Gateway Certs Generator open-source repository: gateway-certs-generator is an OpenVPN TLS certificate configuration generator for slice gateways.

Primary language: Shell. License: Apache License 2.0 (Apache-2.0)

Certificate Generator for Slice Gateway

The gateway-certs-generator is an opinionated single-file OpenVPN TLS certificate configuration generator for slice gateways. It enhances easy-rsa (typically bundled with OpenVPN).

easy-rsa is a CLI utility to build and manage a PKI CA. Using the tool, you can create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRLs).

Get Started

It is strongly recommended that you use a released version.

Refer to our documentation on:

Build and Deploy Certificate Generator on a Kind Cluster

To generate certificates, the controller requires the gateway-certs-generator image, so we build the image and use the image version in the controller values file.

Prerequisites

Before you begin, make sure the following prerequisites are met:

Set up Your Helm Repo

If you have not added the avesha helm repo yet, add it.

    helm repo add avesha https://kubeslice.github.io/charts/

Update the avesha helm repo.

    helm repo update

Build Your Docker Image

To download the latest docker image for gateway-certs-generator, click here.

  1. Clone the latest version of gateway-certs-generator from the master branch.

    git clone https://github.com/kubeslice/gateway-certs-generator.git
    cd gateway-certs-generator
  2. Modify the image name variable IMG in the Makefile to change the docker tag to be built. The default image is set as IMG ?= aveshasystems/gateway-certs-generator:latest. Modify as needed.

    make docker-build

Run Local Image on Kind Cluster

  1. Load the gateway-certs-generator image into your kind cluster (kind). If needed, replace aveshasystems/gateway-certs-generator with the name of the image you built locally in the previous step.
  • Note: If you use a named cluster, specify the name of the cluster you wish to load the images into. See loading an image into your kind cluster.

    kind load docker-image aveshasystems/gateway-certs-generator --name cluster-name

    Example

    kind load docker-image aveshasystems/gateway-certs-generator --name kind
  2. Check the loaded image in the cluster. Modify the node name if required.
  • Note: kind-control-plane is the name of the Docker container. Modify as needed.

    docker exec -it kind-control-plane crictl images

Deploy the Certificate Generator on a Cluster

  1. Create the chart values file called yourvaluesfile.yaml. Refer to values.yaml to update the kubeslice-controller image to the local build image.

From the sample:

    kubeslice:
      # ...
      ovpnJob:
        # ...
        image: aveshasystems/gateway-certs-generator
        tag: 0.1.0

Change it to:

    kubeslice:
      # ...
      ovpnJob:
        # ...
        image: <my-custom-image>
        tag: <unique-tag>

  2. Deploy the updated chart.

    make chart-deploy VALUESFILE=yourvaluesfile.yaml
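
A preflight check for the values file edited in step 1, as an added example that is not part of the gateway-certs-generator repository: it reads the ovpnJob image and tag and refuses a missing value, an unreplaced `<...>` placeholder, or the mutable `latest` tag before `make chart-deploy` runs. The function names, exit codes and the sample image name and tag are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the repository): preflight check of the ovpnJob image and tag.

# Print "image:tag" as set under the ovpnJob key of a chart values file.
ovpn_image_ref() {
    awk -v sq="'" '
        function indent(s,   t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
        function value(s) {
            sub(/^[^:]*:[ \t]*/, "", s)   # drop "key:"
            sub(/[ \t]+#.*$/, "", s)      # drop a trailing comment
            sub(/[ \t]+$/, "", s)         # drop trailing blanks
            gsub(/"/, "", s); gsub(sq, "", s)   # drop quotes
            return s
        }
        /^[ \t]*(#|$)/ { next }           # ignore comments and blank lines
        /^ *ovpnJob:/  { in_job = 1; job_indent = indent($0); next }
        in_job && indent($0) <= job_indent { in_job = 0 }   # left the ovpnJob block
        in_job && /^ *image:/ { image = value($0) }
        in_job && /^ *tag:/   { tag = value($0) }
        END { print image ":" tag }
    ' "$1"
}

# Exit status: 0 ok, 2 image or tag missing, 3 placeholder left in, 4 mutable "latest" tag.
check_ovpn_image() {
    ref=$(ovpn_image_ref "$1")
    image=${ref%:*}      # everything before the last colon (may contain a registry port)
    tag=${ref##*:}       # everything after the last colon
    if [ -z "$image" ] || [ -z "$tag" ]; then
        echo "ovpnJob image or tag is not set in $1" >&2; return 2
    fi
    case "$ref" in
        *"<"*|*">"*) echo "placeholder not replaced: $ref" >&2; return 3 ;;
    esac
    if [ "$tag" = latest ]; then
        echo "tag 'latest' is mutable; use a unique tag: $ref" >&2; return 4
    fi
    echo "$ref"
}

# With a file argument, check that file; otherwise check a constructed sample.
if [ "$#" -gt 0 ]; then
    check_ovpn_image "$1"
else
    sample=$(mktemp)
    printf 'kubeslice:\n   ovpnJob:\n      image: example/gateway-certs-generator\n      tag: dev-20240101\n' > "$sample"
    check_ovpn_image "$sample"; rm -f "$sample"
fi
```

Saved under a hypothetical name such as check-ovpn-image.sh, it can gate the deploy: `sh check-ovpn-image.sh yourvaluesfile.yaml && make chart-deploy VALUESFILE=yourvaluesfile.yaml`.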

Uninstall the KubeSlice Controller

For more information, see uninstalling KubeSlice.

    make chart-undeploy

License

Apache License 2.0