infra
/
kubernetes
1
0
Fork 0
Code Pull Requests 4 Activity
kubernetes/loki-ca/README.md

563 B
Raw Blame History

Private CA for Grafana Loki Client Authentication

Generate CA Key/Certificate

openssl genpkey -algorithm ED25519 -out loki-ca.key
openssl req -new -config openssl.cnf -key loki-ca.key -x509 -out loki-ca.crt -days 3653

Create SealedSecret

kubectl create secret tls -n cert-manager loki-ca --cert loki-ca.crt --key loki-ca.key --dry-run=client -o yaml | kubeseal -o yaml > secrets.yaml

Note: the SealedSecret is stored in the cert-manager namespace since it is used by a ClusterIssuer.

Deploy

kubectl apply -f .