mittwald / kubernetes-secret-generator

Kubernetes controller for automatically generating and updating secrets
Apache License 2.0

Support generating self-signed TLS Secrets #45

Closed Skeen closed 3 years ago

Skeen commented 3 years ago

Is your feature request related to a problem? Please describe.

It would be convenient to be able to generate kubernetes.io/tls secrets, for self-signed TLS on ingress controllers.

Describe the solution you'd like

I'd like to be able to specify my TLS secret like this:

apiVersion: v1
kind: Secret
metadata:
  name: tls-cert
  annotations:
    secret-generator.v1.mittwald.de/type: tls
    secret-generator.v1.mittwald.de/duration: "365"  # annotation values must be strings
    secret-generator.v1.mittwald.de/common_name: example.org
    secret-generator.v1.mittwald.de/organisation: example.org
    ...
data: {}

With the resulting secret being equivalent to running:

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=example.org/O=example.org"
$ kubectl create secret tls tls-cert --key ${KEY_FILE} --cert ${CERT_FILE}

Describe alternatives you've considered

Using Let's Encrypt whenever available; however, sometimes the ingress is not internet-facing, or the DNS is local, and thus Let's Encrypt via the Ingress is not an option either.

Running the above two lines to generate secrets by hand.
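
The generation step this request describes, as an added Go example; it is not part of the original post or of kubernetes-secret-generator, and `SelfSignedTLS` is a hypothetical name. It goes beyond the openssl command above in two ways: the certificate carries a subjectAltName copied from the common name, because current TLS clients match hostnames against the SAN rather than the CN, and its key usage is limited to server authentication.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SelfSignedTLS returns the "tls.crt" and "tls.key" entries of a kubernetes.io/tls
// Secret. Hypothetical helper, not part of kubernetes-secret-generator.
func SelfSignedTLS(commonName, organisation string, days int) (map[string][]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // same size as -newkey rsa:2048
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random serial
	if err != nil {
		return nil, err
	}
	now := time.Now().UTC()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: commonName, Organization: []string{organisation}},
		NotBefore:    now,
		NotAfter:     now.AddDate(0, 0, days),
		DNSNames:     []string{commonName}, // assumption: SAN mirrors the CN
		// Leaf usage only, so this key cannot be used to sign other certificates.
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The template is its own parent and is signed with its own key: self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return map[string][]byte{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}),
	}, nil
}

func main() {
	data, err := SelfSignedTLS("example.org", "example.org", 365)
	fmt.Println(len(data["tls.crt"]), len(data["tls.key"]), err)
}
```

The private key is returned unencrypted, matching `-nodes` in the command above, so access to the resulting Secret has to be restricted through RBAC.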

mittwald-machine commented 3 years ago

There has not been any activity to this issue in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

martin-helmich commented 3 years ago

Sorry for the late response. We had thought of that feature a while back but ultimately decided to just use CertManager instead, which also supports self-signed certificates (and that probably better than we could do).