aws-load-balancer-controller

Support referencing existing webhook TLS Secret by name

Open alita1991 opened this issue 1 month ago • 1 comments

Describe the feature you are requesting

Allow the AWS Load Balancer Controller webhook to consume an existing Kubernetes TLS Secret by name directly, without having to read or embed the certificate contents (ca.crt, tls.crt, tls.key) from values or via template lookups.

Motivation

  • The current approach works only when Helm has direct access to the cluster during render time.
  • In GitOps-managed environments (e.g., ArgoCD), the lookup function fails silently because ArgoCD does not execute live cluster lookups.
  • This prevents the webhook from mounting or referencing an existing TLS secret, breaking automated and declarative deployments.

webhookTLS:
  caCert:
  cert:
  key:

Describe the proposed solution you'd like

webhookTLS:
  existingSecretName: my-webhook-tls

alita1991 Nov 24 '25 18:11

Hi, this is a valid feature request. We welcome any community contributions.

kellyyan Dec 03 '25 22:12