Research `csrapproving` controller for bootstrapping vault TLS
Closed this issue · 1 comments
ewdurbin commented
We're likely to deploy hashicorp vault as a general purpose tls/secrets management tool, consider using https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/#approval-controller for bootstrapping necessary TLS certs when launching instances.
It appears to be intended for bootstrapping TLS for kubelets, but we may be able to leverage it to initially deploy vault, from there we can bootstrap TLS throughout the rest of the cluster using vault's CA.
ewdurbin commented
implemented on k8s-retool branch