Closed simongottschlag closed 5 years ago
Just to clarify:
Hi!
A few examples:
These are just a few.
In general, the Citrix ADC platform is in the process of integrating with these secret managers. In the context of Kubernetes Ingress, what are the requirements? If there is nothing specific to Kubernetes Ingress, I'd like to close this issue.
Hi,
In the ingress case it would be great to get certs that way, as well as credentials for ADCs(?)
Is the ADC a VPX/MPX or a CPX?
Was thinking both, but we are using VPX/MPX.
Simon, we are planning to integrate with vaults in both traditional departments as well as k8s in the future. Currently the plan is to integrate with HashiCorp and Keywhiz for getting certs and keys from remote vaults and keeping them in memory. In the future, we will work on automating cert rotation by using vaults/secret discovery services.
The TLS Kubernetes secret specified in the ingress resource gets copied to the ADC as an SSL certificate. So, you have to get your Vault secrets converted to Kubernetes secrets. There is a project here: https://github.com/Boostport/kubernetes-vault which can do that. Of course, if the secret changes (rotates), the ingress controller will not update it in the ADC.
Ok! Thanks :) Looking forward to seeing this.
Hi,
We are using HashiCorp for both secrets and PKI. Kubernetes already has an authentication method in Vault.
Would it be possible to integrate with Vault for secrets and certificates?
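
The conversion discussed in this thread (a certificate issued by Vault turned into the TLS Kubernetes secret that an ingress resource references), as an added example that is not part of the original issue or of the ingress controller's code. The sample response is constructed, the annotation key and function names are hypothetical, and the staleness check only flags the rotation case mentioned in the thread.

```python
import base64
import hashlib

# Hypothetical annotation key used to record which certificate a secret holds.
FP_KEY = "example.invalid/cert-sha256"

# Constructed sample shaped like a Vault PKI issue response (placeholder PEM bodies).
SAMPLE = {"data": {
    "certificate": "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtTEVBRg==\n-----END CERTIFICATE-----",
    "ca_chain": ["-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQ0E=\n-----END CERTIFICATE-----"],
    "private_key": "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQtS0VZ\n-----END PRIVATE KEY-----",
}}


def vault_pki_to_tls_secret(resp, name, namespace):
    """Build a kubernetes.io/tls Secret manifest (as a dict) from a Vault PKI response."""
    data = resp.get("data", {})
    for field in ("certificate", "private_key"):
        if not data.get(field):
            raise ValueError(f"Vault response is missing {field!r}")
    # tls.crt carries the leaf first, followed by the issuing chain.
    chain = data.get("ca_chain") or ([data["issuing_ca"]] if data.get("issuing_ca") else [])
    crt = "\n".join(pem.strip() for pem in [data["certificate"], *chain]) + "\n"
    key = data["private_key"].strip() + "\n"
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/tls",
        "metadata": {
            "name": name,
            "namespace": namespace,
            # Fingerprint of the certificate bundle only; the key is never hashed into metadata.
            "annotations": {FP_KEY: hashlib.sha256(crt.encode()).hexdigest()},
        },
        "data": {
            "tls.crt": base64.b64encode(crt.encode()).decode(),
            "tls.key": base64.b64encode(key.encode()).decode(),
        },
    }


def adc_copy_is_stale(applied, fresh):
    """True when the secret already applied (or None) holds a different certificate
    than the freshly issued one, i.e. the copy on the ADC needs to be refreshed."""
    old = (applied or {}).get("metadata", {}).get("annotations", {}).get(FP_KEY)
    return old != fresh["metadata"]["annotations"][FP_KEY]
```
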