Research `csrapproving` controller for bootstrapping vault TLS

Question

Research `csrapproving` controller for bootstrapping vault TLS

Closed this issue 7 years ago · 1 comments

We're likely to deploy hashicorp vault as a general purpose tls/secrets management tool, consider using https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/#approval-controller for bootstrapping necessary TLS certs when launching instances.

It appears to be intended for bootstrapping TLS for kubelets, but we may be able to leverage it to initially deploy vault, from there we can bootstrap TLS throughout the rest of the cluster using vault's CA.

Answer 1 · 2017-12-26T14:34:55.000Z

implemented on k8s-retool branch