Azure / kubernetes-keyvault-flexvol

Azure keyvault integration with Kubernetes via a Flex Volume
MIT License
253 stars 84 forks

Create PEM files directly in volumes #151

Closed aelij closed 3 years ago

aelij commented 4 years ago

Describe the request

Currently KVFV allows fetching certificates in the PFX format, which is not usable by many Linux components. It's possible to use initContainers and call openssl to convert them, but it would be much simpler if the extension would convert to PEM files by specifying an option.

Describe the solution you'd like

Specify an option, e.g. secretformat:

flexVolume:
    driver: "azure/kv"
    options:
        keyvaultname: "myvault"
        keyvaultobjectname: "cert1"
        keyvaultobjecttype: "secret"
        secretformat: "pem"

Describe alternatives you've considered

Convert in each pod using initContainers.

horvatic commented 4 years ago

Can you post the workaround? Looks like the cert and key formats are converted to something non-PEM, which is really annoying...

aelij commented 4 years ago

@horvatic The workaround is in the above link.

horvatic commented 4 years ago

> @horvatic The workaround is in the above link.

Works like a charm. Also works for Istio!

aelmanaa commented 4 years ago

Thanks for the workaround, @aelij.

This would be a nice enhancement indeed.
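
The initContainer conversion discussed in this thread, sketched as an added example that is not part of the original posts or of the KVFV project. It assumes the mounted secret is a base64-encoded PKCS#12 file with an empty password; the function name `pfx_to_pem` and the output names `tls.key` and `tls.crt` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the KVFV project. Assumptions: the flex volume mounts
# the certificate's secret as a base64-encoded PKCS#12 (PFX) file with an empty
# password; pfx_to_pem, tls.key and tls.crt are names made up for this sketch.

# pfx_to_pem <mounted-secret-file> <output-dir>
pfx_to_pem() {
    p2p_src="$1"; p2p_out="$2"; p2p_rc=0
    [ -r "$p2p_src" ] || { echo "cannot read $p2p_src" >&2; return 1; }
    p2p_tmp="$(mktemp)" || return 1
    (
        # Private key material must never be group- or world-readable.
        umask 077
        mkdir -p "$p2p_out" &&
        # Decode the single-line base64 into a private temp file.
        openssl base64 -d -A -in "$p2p_src" -out "$p2p_tmp" &&
        # Private key, left unencrypted (-nodes) so a server can load it
        # unattended; "openssl pkey" drops the PKCS#12 bag-attribute text.
        openssl pkcs12 -in "$p2p_tmp" -passin pass: -nocerts -nodes |
            openssl pkey -out "$p2p_out/tls.key" &&
        # Leaf certificate only (-clcerts), without any key (-nokeys).
        openssl pkcs12 -in "$p2p_tmp" -passin pass: -clcerts -nokeys |
            openssl x509 -out "$p2p_out/tls.crt"
    ) || p2p_rc=1
    # Remove the decoded PFX whether or not the conversion succeeded.
    rm -f "$p2p_tmp"
    return "$p2p_rc"
}

# Run as: pfx_to_pem.sh /kvmnt/cert1 /certs   (both paths are placeholders)
if [ "$#" -eq 2 ]; then
    pfx_to_pem "$1" "$2"
fi
```

Writing the output to a memory-backed emptyDir shared with the main container keeps the unencrypted key off the node's disk.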