additional ca-bundle source options: pvc, url - Githubissues

cert-manager / trust-manager

trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.

https://cert-manager.io/docs/projects/trust-manager/

Apache License 2.0

243 stars 65 forks source link

additional ca-bundle source options: pvc, url #379

Open lknite opened 1 month ago

lknite commented 1 month ago

My source ca-bundle location is via a url, specifically vault provides a url to access its public ca-bundle which includes root and intermediate. (e.g. https://vault.vc-prod.home.net:8200/v1/prod-intermediate-ca/ca_chain)

I can access this via kubernetes by using an initContainer & pvc:

mount the pvc as a volume with initContainer
inside the initContainer use curl to pull the latest ca-bundle, save to pvc mount location

Now I just need to provide this location to trust-manager in the ca-bundle resource.

either by providing the pvc & location in the usual way
OR, we could get around the initContainer & pvc, if it were possible to provide a url location in the Bundle resource