signer-ca is an operator for automatically signing an approved CertificateSigningRequest.
NOTE: This operator is EXPERIMENTAL and requires Kubernetes >= 1.18. It uses Certificates API Enhancements which are only available in Kubernetes >= 1.18.
It watches CertificateSigningRequest (CSR) resources and if the CSR has a .spec.signerName that it recognizes,
and if the CSR has been approved,
it creates a signed certificate using a certificate-authority file that you supply as a command-line argument to the operator.
The signed certificate is configured using the encoded CSR in .spec.request.
The signed certificate is added to the .status.certificate of the CSR resource.
signer-ca can be deployed using kubectl -k config/default.
See config/e2e for an example of how to make a CA file available to the operator, as a mounted secret.
You can build and deploy signer-ca using make docker-build docker-push deploy-e2e DOCKER_PREFIX=gcr.io/<YOUR_PROJECT>/signer-ca/.
See the Makefile for details.
