kube-ingress-aws-controller
kube-ingress-aws-controller copied to clipboard
Add an option to allow to have only tagged certs to be available for use
As of today all issued
ACM and IAM certificates are detected and possibly put into the TLS Listener of ALB/NLB dependeing on matching hostnames and ingress/routegroup resources.
After a production incident, one idea is to make the switch of certificates more explicit.
To allow explicitly taking a certificate to production, we can have a flag --tag=k=v
that would only detect certificates that have a tag key k
with a tag value v
. This option should be optional, which ensures non breaking change and deployments can ensure the migration, before using this feature.