Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Helm support for generating remote client certificates for accessing services

Description

Add helm chart support for generating remote client certificates.  When a service is configured to require client certificates to identify trusted remote connections these certificates can be deployed to the remote end for use via mTLS.

Conclusion

None

Activity

Show:

Anthony Fishbeck February 8, 2022 at 9:02 PM

Will generate client certificates like these:

Anthony Fishbeck February 8, 2022 at 8:57 PM
Edited

I've added preliminary support for remoteClients for an ESP component with externally facing services.

First step is to enable certificates, and the cert-manager issuer "remote".

certificates:
enabled: true
remote:
name: hpcc-remote-issuer

  1.  

    1. set enabled to true if adding remoteClients for any components
      enabled: true

Then add the list of remote clients to the ESP.

This will:
1. Make that ESP require client certificates.
2. create a client certificate for each remoteClient. The certificates and private keys must be set up for the client.
3. Restricts access to the ESP to listed clients.

Future work may define other ways of adding or using client certificates.

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Components

Assignee

Reporter

Priority

Fix versions

Pull Request URL

https://github.com/hpcc-systems/HPCC-Platform/pull/15747

Created February 8, 2022 at 8:53 PM
Updated February 28, 2022 at 12:58 PM
Resolved February 28, 2022 at 10:04 AM