GoogleCloudPlatform / gke-managed-certs

Managed Certificates for Kubernetes clusters using GCLB
Apache License 2.0

Provide own private key and target for saving a cert #32

Closed golonzovsky closed 5 years ago

golonzovsky commented 5 years ago

Not sure if this project is limited to GKE LB, or it may evolve into more generic use.

It would be useful to provide one's own private key from a Kubernetes secret and specify a target for the cert.

The sslCertificates API resource does support providing a private key and exposes generated certs: https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates

The use case is to be able to use a managed certificate without an LB, e.g. provisioning public certs for a Kafka cluster.

Something along these lines:

spec:
  domains:
    - example.com
  providedKeySecret:
    - secret-with-key
  targetCertSecret:
    - secret-example-com-crt

Maybe it's not the intention of this project and I need to look somewhere into a jetstack/cert-manager GKE sslCertificates-based issuer..

golonzovsky commented 5 years ago

For my case (non-http) I've ended up using jetstack/cert-manager with acme/dns01/clouddns.

krzykwas commented 5 years ago

This project is rather tightly coupled with GKE Ingress and is unlikely to be extended for use cases that don't include GKE Ingress. Even less likely for use cases not including any load balancer.

If you need non-managed certificates with GKE Ingress, you can configure them using the GKE Ingress API.