Security

Automated Code/Infra Scanning

This section sits toward the top because automated scanning of code and infrastructure is the first line of defense against security compromise.

Infrastructure Scanning

General Info

SSL/TLS Information

SSL Private CA

  openssl req -out mydomain.csr -new -sha256 -newkey rsa:2048 -nodes -keyout mydomain.key
  openssl ca -config openssl.cnf -in mydomain.csr -out mydomain.crt

Using a Private CA - Cert Manager

Leveraging cert-manager

Create a secret with the crt and key above (base64 encoded)

kubectl create secret tls internalca --cert=path/to/cert/file --key=path/to/key/file

Then create an issuer for that key

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ca-issuer
spec:
  ca:
    secretName: internalca
EOF
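
A pair that will sign other certificates has to be a CA certificate with its matching private key, so it is worth checking the files before they go into the `internalca` secret. The script below is an added example, not part of the original notes; the function names `check_ca_pair` and `make_constructed_pair` are hypothetical, and the second one only writes a throwaway self-signed pair for trying the check.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Pre-flight checks for the
# cert/key pair that will back the cert-manager CA issuer.

# check_ca_pair CERT KEY
# Returns 0 if usable, 1 if the cert is not a CA, 2 if the key does not
# match the cert, 3 if the cert has expired.
check_ca_pair() {
  local cert="$1" key="$2" cert_fp key_fp

  # The issuer signs with this pair, so the cert needs CA:TRUE.
  if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
    echo "$cert: basicConstraints is not CA:TRUE" >&2
    return 1
  fi

  # Compare SHA-256 digests of the DER public key taken from each file.
  cert_fp=$(openssl x509 -in "$cert" -noout -pubkey |
            openssl pkey -pubin -outform DER | openssl dgst -sha256)
  key_fp=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
  if [ -z "$cert_fp" ] || [ "$cert_fp" != "$key_fp" ]; then
    echo "$key does not match $cert" >&2
    return 2
  fi

  # -checkend 0 fails if the cert is already past notAfter.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "$cert has expired" >&2
    return 3
  fi
  return 0
}

# make_constructed_pair DIR NAME TRUE|FALSE
# Writes a throwaway self-signed NAME.crt/NAME.key (constructed test data).
make_constructed_pair() {
  local dir="$1" name="$2" is_ca="$3"
  cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-$name
[ext]
basicConstraints = critical,CA:$is_ca
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -sha256 \
    -config "$dir/$name.cnf" -extensions ext \
    -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}
```

Call it as `check_ca_pair path/to/cert/file path/to/key/file` and run the `kubectl create secret tls` step only when it returns 0.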

Reading

Steve Miller BY-NC 4.0