feat(spin/certs): automate creating the default CA bundle secret
Supersedes spinkube#184

Automate the creation of a secret for a default CA root certificate
bundle. A secret is created in each namespace that contains a spin
application. If a secret already exists with the name `spin-ca` it will
not be modified. This allows the default `spin-ca` secret to be
overridden by the user.

The embedded CA bundle is fetched from https://curl.se/ca/cacert.pem and
can be updated to the latest by running `go generate ./...`.

There is no owner reference on the secret, which means it will persist
unless manually deleted, meaning that if spin-operator is removed from
the cluster it will not be included in the cascading deletion.

Signed-off-by: Adam Reese <[email protected]>
adamreese committed Apr 17, 2024
1 parent 679c6f3 commit f31767e
Showing 5 changed files with 3,643 additions and 20 deletions.