autocert icon indicating copy to clipboard operation
autocert copied to clipboard

Published 20 hours ago verified publisher icon smallstep

Ingress

Open reesericci opened this issue 4 years ago • 2 comments
trafficstars

What would you like to be added

Secure kubernetes ingresses with autocert.

Why this is needed

To make it easy to issue certificates to an ingress controller and terminate tls at the ingress.

reesericci avatar Jan 22 '21 22:01 reesericci

This is right now not possible with autocert. The current version of autocert injects containers in pods that takes care of authorizing the first certificate, and take care of the renewals.

To make it available on ingresses you need to save the certificates in a kubernetes.io/tls resource, and monitor them to refresh them. Right now this is not something autocert is ready to do. However it would be possible to hack this, using a pod that takes care of updating the resource once a new certificate is issued. This hack would be out of the scope of autocert.

We can consider this issue for an unplanned version of autocert v2.

maraino avatar Jan 25 '21 19:01 maraino

ok cool. my cluster dns is out of whack currently :)

reesericci avatar Jan 25 '21 19:01 reesericci