This repository is part of the commercial open-source project CZERTAINLY. You can find more information about the project at CZERTAINLY repository, including the contribution guide.
This repository contains Helm charts as part of the CZERTAINLY platform.
Use the CZERTAINLY Chart to deploy the platform.
The charts are built so that you can install them separately if you want. There is one global CZERTAINLY Chart that acts as an umbrella chart for the platform. You can use it to install the complete platform, including selected sub-charts as components of the platform.
Library
Core
- CZERTAINLY (umbrella chart)
- Auth Service
- Auth OPA Policies
- Messaging RabbitMQ
API Gateways
Front ends
Connectors
- Common Credential Provider
- EJBCA NG Connector
- PyADCS Connector
- HashiCorp Vault Connector
- X.509 Compliance Provider
- Network Discovery Provider
- Cryptosense Discovery Provider
- CT Logs Discovery Provider
- Keystore Entity Provider
- Software Cryptography Provider
Optional components
- Keycloak Internal (internal Keycloak instance that can be used for authentication through OIDC and connect with various identity providers)
⚠️ For the internal Keycloak to process requests properly, it is important that the hostname of the CZERTAINLY platform is included in the DNS resolver. For local testing, you can upgrade the CZERTAINLY chart with --set apiGateway.hostAliases.resolveInternalKeycloak=true. This will resolve the internal Keycloak inside the cluster with the proper IP address.
- Utils Service (service that provides various utility functions for the platform)
Some charts may use container images that are part of private repositories.
In this case, it is necessary to provide a reference to a secret as part of the imagePullSecrets.
You can use the following command to create such a secret in your namespace:
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
For more information, see Create a Secret by providing credentials on the command line.
A dummy certification authority that can be used for development and testing purposes is pre-built in this repository. You can find it in dummy-certificates.
The dummy certificates are included by default in the values of the Helm charts. You can install the platform with the dummy certificates and access its functions. The dummy CA can be replaced at any time.
You can find some samples in the samples.