Skip to content
This repository has been archived by the owner on Aug 29, 2022. It is now read-only.

Bootstrap TLS certificates for Pods using the Kubernetes certificates API.

License

Notifications You must be signed in to change notification settings

proofpoint/certificate-init-container

 
 

Repository files navigation

Latest Docker Tag Latest Docker Tag Details

Certificate Init Container

The certificate-init-container generates TLS certificates for pods using the Kubernetes certificate API.

Prerequisites

  • Kubernetes 1.6.0+

Usage

Create a deployment that uses the certificate-init-container:

kubectl create -f deployments/tls-app.yaml

The certificate-init-container will generate a private key, certificate signing request (csr), and submit a certificate signing request to the Kubernetes certificate API, then wait for the certificate to be approved.

For handling approval of certificate requests we recommend using proofpoint/kapprover.

Once the certificate signing request has been approved the certificate-init-container will fetch the signed certificate and write it in both PEM and Java keystore (password "keystore") format to a shared filesystem.

Next the certificate-init-container will exit and the pod will start the remaining containers, which will have access to the certificate and private key.

See the example deployment for more details.

About

Bootstrap TLS certificates for Pods using the Kubernetes certificates API.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 97.1%
  • Dockerfile 2.9%