Question
In my case, Fulcio is based on fileca certificate authority backend: the signing keys and self-signed certificates are generated and uploaded by CertManager as a Secret that the Fulcio deployment can mount.
Later on, I will move from self-signed to "company official" certificates.
This said, I notice that ctlog-tiles needs the roots to be known ahead of time and specified directly in values.yaml by the means of a configMap.
What do you think to directly leverage the Fulcio secret instead of copiyng Fulcio secret content into ctlog-tiles configMap ?
Thx
Question
In my case, Fulcio is based on fileca certificate authority backend: the signing keys and self-signed certificates are generated and uploaded by CertManager as a Secret that the Fulcio deployment can mount.
Later on, I will move from self-signed to "company official" certificates.
This said, I notice that
ctlog-tilesneeds the roots to be known ahead of time and specified directly in values.yaml by the means of a configMap.What do you think to directly leverage the Fulcio secret instead of copiyng Fulcio secret content into ctlog-tiles configMap ?
Thx