keyfactor/ejbca-k8s-csr-signer repository overview

EJBCA Certificate Signing Request (CSR) Proxy for K8s forwards certificate signing requests generated by Kubernetes to EJBCA⁠ for signing by a trusted enterprise certificate authority. The signer operates within the K8s CertificateSigningRequests API⁠ and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an approver⁠.

CSRs can be submitted to EJBCA either using the REST API or EST. EST is only avialable in the EJBCA Enterprise version.

⁠Community Support

In our Community⁠ we welcome contributions. The Community software is open source and community supported, there is no support SLA, but a helpful best-effort Community.

• To report a problem or suggest a new feature, use GitHub > EJBCA K8s CSR Signer Issues⁠.

• If you want to contribute actual bug fixes or proposed enhancements, use GitHub > EJBCA K8s CSR Signer Pull requests⁠.

• Ask the community for ideas: GitHub > EJBCA Discussions⁠.

• Read more in our documentation: EJBCA Documentation⁠, EJBCA K8s CSR Signer Documentation⁠.

• Read more on the open source project website: EJBCA website⁠.

⁠Commercial Support

Commercial support is available for EJBCA Enterprise⁠.

⁠License

EJBCA K8s CSR Signer is licensed under the LGPL license⁠.

⁠Minimum System Requirements

To run the EJBCA K8s CSR Signer container a system should fulfill these minimum requirements:

• at least 100m CPU

• at least 128MB RAM

⁠Usage

• Getting Started⁠
• Usage
  • Documentation⁠
  • Demo usage with Istio⁠
  • Configuration with Hashicorp Vault⁠