...
kubectl create -f rapps-cfssl.yaml
Note: if you want to use this with the Postgres database, you'll need to set up a new schema and a username/password, and create the tables.
Code Block | ||||
---|---|---|---|---|
| ||||
-- Create the cfssl database only when it does not exist yet. CREATE DATABASE
-- cannot run inside a DO block or a transaction, so the statement text is
-- produced by a SELECT and then run by psql's gexec meta-command (psql only).
SELECT 'CREATE DATABASE cfssl'
WHERE NOT EXISTS (
    SELECT FROM pg_database WHERE datname = 'cfssl'
)\gexec

-- Create the cfssl login role on first run and give it rights on the database.
DO $$
BEGIN
    IF NOT EXISTS (SELECT FROM pg_user WHERE usename = 'cfssl') THEN
        -- NOTE(review): the password equals the role name and is hard-coded on
        -- this page. Outside a throwaway test cluster, substitute a generated
        -- secret here and in whatever configuration the cfssl pod uses to
        -- connect (that configuration is not shown on this page).
        CREATE USER cfssl WITH PASSWORD 'cfssl';
        -- NOTE(review): ALL PRIVILEGES on the database is broader than creating
        -- and using two tables requires; consider narrowing it. Because the
        -- grant sits inside the IF, it is skipped when the role already exists.
        -- On PostgreSQL 15 and later a database-level grant does not include
        -- CREATE on the public schema, so the table-creation step may need an
        -- extra schema-level grant -- verify against the server version in use.
        GRANT ALL PRIVILEGES ON DATABASE cfssl TO cfssl;
    END IF;
END
$$; |
Log in as the cfssl user, then create the tables:
Code Block | ||||
---|---|---|---|---|
| ||||
-- Certificate records. A row is identified by the pair
-- (serial_number, authority_key_identifier); status and pem are also required,
-- and every other column is nullable.
CREATE TABLE IF NOT EXISTS certificates (
    serial_number            bytea       NOT NULL,
    authority_key_identifier bytea       NOT NULL,
    ca_label                 bytea,
    status                   bytea       NOT NULL,
    reason                   int,
    expiry                   timestamptz,
    revoked_at               timestamptz,
    pem                      bytea       NOT NULL,
    issued_at                timestamptz,
    not_before               timestamptz,
    metadata                 jsonb,
    sans                     jsonb,
    common_name              text,
    PRIMARY KEY (serial_number, authority_key_identifier)
);
-- OCSP responses, at most one per certificate: the primary key is the same
-- column pair that the foreign key points at in certificates. The foreign key
-- means certificates has to exist before this statement runs, and with no
-- ON DELETE rule a certificates row that still has a response here cannot be
-- deleted.
CREATE TABLE IF NOT EXISTS ocsp_responses (
    serial_number            bytea       NOT NULL,
    authority_key_identifier bytea       NOT NULL,
    body                     bytea       NOT NULL,
    expiry                   timestamptz,
    PRIMARY KEY (serial_number, authority_key_identifier),
    FOREIGN KEY (serial_number, authority_key_identifier)
        REFERENCES certificates (serial_number, authority_key_identifier)
); |
Once the pod is up and running you can connect to it by using port forwarding:
...