certificate-helper is a Kubernetes operator that automates generating certificates and storing them as secrets for k8s services.
Certificate-helper
- creates the certificate signing request
- approves the certificate signing request
- stores the certificate as a secret with `tls.crt` and `tls.key`

- Install Webhook-helper
  ```sh
  kubectl apply -f https://raw.githubusercontent.com/rc1405/webhook-helper/main/webhook-helper.yaml
  kubectl get pods -n webhook-helper -w
  ```
- Install certificate helper
  ```sh
  kubectl apply -f https://raw.githubusercontent.com/rc1405/k8s-certificate-helper/main/certificate-helper.yaml
  kubectl get pods -n certificate-helper -w
  ```
- Wait for bootstrap to finish deployment

```yaml
apiVersion: certificate-helper.io/v1
kind: Certificate
metadata:
  name: my-certificate
spec:
  namespace: my-example-namespace
  service: my-service
  alt_names:
    - db.my-service
    - api.my-service
```

- `namespace`: Kubernetes namespace to deploy to (will overwrite anything in the deployment)
- `service`: Name of the service to create the certificate for
- `alt_names`: List of additional names to include as alt names in the certificate

```mermaid
stateDiagram-v2
    [*] --> GenerateCert
    GenerateCert --> CreateCSR
    CreateCSR --> ApproveCSR
    ApproveCSR --> WaitForStatus
    WaitForStatus --> CheckStatus
    CheckStatus --> WaitForStatus
    CheckStatus --> CreateSecret
    CreateSecret --> [*]
```
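
Once the workflow reaches CreateSecret, the stored pair can be checked from the shell before a service mounts it. The script below is an added example, not part of certificate-helper: it assumes `openssl` is installed, `check_tls_pair` is a hypothetical helper name, and `<secret-name>` is a placeholder because this page does not say how the secret is named.

```bash
#!/usr/bin/env bash
# Added example (not from the certificate-helper project): verify that a
# tls.crt / tls.key pair exported from the generated secret is usable.
# Export the pair first; <secret-name> is a placeholder:
#   kubectl get secret <secret-name> -n my-example-namespace \
#     -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt
#   (repeat with tls\.key > tls.key)

# check_tls_pair CERT KEY NAME...
# Returns 0 only if the key matches the certificate, the certificate has not
# expired, and every NAME is present as a DNS subjectAltName (exact match).
check_tls_pair() {
  local crt=$1 key=$2 cert_pub key_pub sans name rc=0
  shift 2

  # Public key embedded in the certificate vs. the one derived from the key.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: tls.key does not match tls.crt" >&2; rc=1
  fi

  # -checkend 0 exits non-zero when the certificate has already expired.
  if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: certificate is expired" >&2; rc=1
  fi

  # Collect DNS SAN entries one per line, then require each expected name.
  sans=$(openssl x509 -in "$crt" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://')
  for name in "$@"; do
    if ! printf '%s\n' "$sans" | grep -Fxq -- "$name"; then
      echo "FAIL: missing SAN $name" >&2; rc=1
    fi
  done
  return "$rc"
}

# Direct use: ./check.sh tls.crt tls.key db.my-service api.my-service
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```
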

- Run
  ```sh
  cargo build --release --features local
  ```
- Run
  ```sh
  docker build -t rc1405/certificate-helper .
  ```
- Update deployment PodSpec and add `imagePullPolicy: Never`
- Run
  ```sh
  kubectl apply -f certificate-helper.yaml
  ```

```sh
kubectl delete -f https://raw.githubusercontent.com/rc1405/certificate-helper/main/certificate-helper.yaml
```