TrustStore

A TrustStore is a Kubernetes resource that can be used to request the trust anchor information (such as the TLS certificate authorities) from a SecretClass.

This can be used to access a protected service from other services that do not require their own certificates (or from clients running outside of Kubernetes).

A TrustStore looks like this:

---
apiVersion: secrets.stackable.tech/v1alpha1
kind: TrustStore
metadata:
  name: truststore-pem # (1)
spec:
  secretClassName: tls # (2)
  format: tls-pem # (3)

(1) Also used to name the created ConfigMap
(2) The name of the SecretClass
(3) The requested format

This will create a ConfigMap named truststore-pem containing a ca.crt with the trust root certificates. It can then either be mounted into a Pod or retrieved and used from outside of Kubernetes.

Make sure to have a procedure for updating the retrieved certificates. The Secret Operator will automatically rotate the autoTls certificate authority as needed, but all trust roots will require some form of update occasionally.
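
One way to implement such an update procedure for a copy of ca.crt kept outside of Kubernetes, as an added example (not part of the Stackable documentation). It uses the ConfigMap name truststore-pem and the key ca.crt from above; the namespace and destination path are hypothetical arguments.

```shell
#!/bin/sh
# Added example: keep a local copy of the TrustStore's ca.crt up to date.
# From the page: ConfigMap "truststore-pem", key "ca.crt".
# Hypothetical: the namespace and destination path passed by the caller.

# Print ca.crt from the TrustStore's ConfigMap to stdout.
fetch_bundle() {  # usage: fetch_bundle NAMESPACE
  kubectl get configmap truststore-pem -n "$1" -o 'jsonpath={.data.ca\.crt}'
}

# Print the number of PEM certificate blocks in a file (0 if empty/missing).
count_certs() {
  [ -s "$1" ] || { echo 0; return 0; }
  grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Install NEW as DEST. Prints "updated" or "unchanged"; returns 1 and leaves
# DEST untouched if NEW holds no certificate (failed or empty fetch).
install_bundle() {  # usage: install_bundle NEW DEST
  if [ "$(count_certs "$1")" -eq 0 ]; then
    echo "rejected: no certificates in $1" >&2
    return 1
  fi
  if [ -f "$2" ] && cmp -s "$1" "$2"; then
    echo unchanged
    return 0
  fi
  # Write next to DEST, then rename, so readers never see a partial bundle.
  tmp=$(mktemp "$2.XXXXXX") || return 1
  if cp "$1" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$2"; then
    echo updated
  else
    rm -f "$tmp"
    return 1
  fi
}

# One refresh cycle, suitable for a cron job or systemd timer.
refresh_truststore() {  # usage: refresh_truststore NAMESPACE DEST
  fetched=$(mktemp) || return 1
  rc=0
  { fetch_bundle "$1" > "$fetched" && install_bundle "$fetched" "$2"; } || rc=1
  rm -f "$fetched"
  return "$rc"
}

# Example call (hypothetical values):
#   refresh_truststore my-namespace /etc/myapp/ca.crt
```

Reload or restart the consuming service when the function prints "updated", and alert when it returns non-zero so a stale trust store does not go unnoticed.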