Skip to content

feat(tls): support for tls generation with duration#4769

Merged
brandtkeller merged 12 commits into
mainfrom
4767_tls_duration_gen
Apr 13, 2026
Merged

feat(tls): support for tls generation with duration#4769
brandtkeller merged 12 commits into
mainfrom
4767_tls_duration_gen

Conversation

@brandtkeller
Copy link
Copy Markdown
Member

@brandtkeller brandtkeller commented Mar 31, 2026
edited
Loading

Description

Adds support for --duration to zarf tools gen-pki in order to support a more composable model of custom certificate requirements.

This is then made compatible with the zarf agent tls (as outlined in the issue) by allowing zarf init to accept agent tls ca,cert,key.

# generate tls ca,cert,key with a 10 year duration
zarf tools gen-pki agent-hook.zarf.svc --duration 87600h
# pass provided tls information above to zarf init
zarf init --agent-tls-ca tlstest/tls.ca --agent-tls-cert tlstest/tls.crt --agent-tls-key tlstest/tls.key

Related Issue

Fixes #4767

Relates to #

Checklist before merging

@brandtkeller brandtkeller self-assigned this Mar 31, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Mar 31, 2026
edited
Loading

Deploy Preview for zarf-docs ready!

Name Link
🔨 Latest commit 739d386
🔍 Latest deploy log https://app.netlify.com/projects/zarf-docs/deploys/69dd1d35b389ae00085d7cd0
😎 Deploy Preview https://deploy-preview-4769--zarf-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link
Copy Markdown

codecov Bot commented Mar 31, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 32.45614% with 77 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/cmd/initialize.go 12.96% 47 Missing ⚠️
src/cmd/zarf_tools.go 46.66% 16 Missing ⚠️
src/pkg/cluster/cluster.go 22.22% 4 Missing and 3 partials ⚠️
src/pkg/pki/pki.go 70.00% 2 Missing and 1 partial ⚠️
src/pkg/state/state.go 70.00% 2 Missing and 1 partial ⚠️
src/pkg/packager/deploy.go 0.00% 1 Missing ⚠️
Files with missing lines Coverage Δ
src/cmd/viper.go 54.44% <ø> (ø)
src/pkg/packager/deploy.go 0.00% <0.00%> (ø)
src/pkg/pki/pki.go 39.53% <70.00%> (+0.49%) ⬆️
src/pkg/state/state.go 28.40% <70.00%> (+1.42%) ⬆️
src/pkg/cluster/cluster.go 46.61% <22.22%> (-0.59%) ⬇️
src/cmd/zarf_tools.go 33.33% <46.66%> (+0.59%) ⬆️
src/cmd/initialize.go 24.48% <12.96%> (-1.75%) ⬇️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@brandtkeller brandtkeller marked this pull request as ready for review April 3, 2026 22:55
@brandtkeller brandtkeller requested review from a team as code owners April 3, 2026 22:55
AustinAbro321
AustinAbro321 requested changes Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@AustinAbro321 AustinAbro321 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good start, some ideas and thoughts on the first pass through

Comment thread src/cmd/zarf_tools.go Outdated
Comment thread src/cmd/initialize.go Outdated
Comment thread src/cmd/zarf_tools.go Outdated
@github-project-automation github-project-automation Bot moved this to In progress in Zarf Apr 6, 2026
AustinAbro321
AustinAbro321 requested changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@AustinAbro321 AustinAbro321 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UX consideration on re-init

Comment thread src/cmd/initialize.go
Comment thread src/cmd/zarf_tools.go Outdated
AustinAbro321
AustinAbro321 reviewed Apr 10, 2026
View reviewed changes
Comment thread src/cmd/initialize.go Outdated
Comment thread src/cmd/initialize.go
AustinAbro321
AustinAbro321 requested changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@AustinAbro321 AustinAbro321 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One request otherwise lgtm

Comment thread src/cmd/initialize.go Outdated
@brandtkeller brandtkeller added this pull request to the merge queue Apr 13, 2026
Merged via the queue into main with commit 1fd32d5 Apr 13, 2026
43 checks passed
@brandtkeller brandtkeller deleted the 4767_tls_duration_gen branch April 13, 2026 21:20
@github-project-automation github-project-automation Bot moved this from In progress to Done in Zarf Apr 13, 2026
@zarf-release-please zarf-release-please Bot mentioned this pull request Apr 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AustinAbro321 AustinAbro321 AustinAbro321 approved these changes

Assignees

@brandtkeller brandtkeller

Labels

None yet

Projects

Zarf
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support Configurable Agent TLS Certificate Expiration

2 participants

@brandtkeller @AustinAbro321