TLSProfile using secret references - certificate bundles and parent profiles

F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.

Apache License 2.0

365 stars 195 forks source link

TLSProfile using secret references - certificate bundles and parent profiles #3372

Closed pmilot closed 7 months ago

pmilot commented 7 months ago

How do specify chain bundles and parent profiles when using secrets to store cert/keys.

Is it possible to specify a chain certificate/bundle when using secret to store the cert/key ?

And is it possible to specify a parent profile when using a secret to store the cert/key so that we can use a profile with stronger cipher groups and/or client authentication settings.

My goal is to use cert-manager with ACME to manage the TLS certificates

pmilot commented 7 months ago

Should of added I'm using TLSProfile and VirtualServer CRDs

pmilot commented 7 months ago

I was able to figure out how to get the F5 pass on the chain in the TLS handshake by putting the full bundle in the secret.

However, I still need to be able to select a parent profile other than the default /Common/clientssl using secret as a reference.

pmilot commented 7 months ago

After more investigation, I have replaced this issue with #3378 for more clarity