k8s_acme_cache

v0.1.0
Published: Apr 26, 2017 License: MIT Imports: 4 Imported by: 0

README

k8s-acme-cache

An ACME autocert cache that stores keys as Kubernetes secrets.

See the example application for a full example, but the basic usage looks like this:

import (
    "github.com/micahhausler/k8s-acme-cache"
    "golang.org/x/crypto/acme/autocert"
    "k8s.io/client-go/kubernetes"
)

cache := k8s_acme_cache.KubernetesCache(
    "my-acme-secret.secret",  // Secret Name
    "default",                // Namespace
    client,                   // Kubernetes client-go *kubernetes.Clientset
    0,                        // Deletion Grace Period in seconds
)

certManager := autocert.Manager{
    Prompt:     autocert.AcceptTOS,
    HostPolicy: autocert.HostWhitelist("example.com"), // your domain here
    Cache:      cache,
}

Required RBAC permissions

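apiVersion: rbac.authorization.k8s.io/v1  # v1beta1 was removed in Kubernetes 1.22
kind: Role
metadata:
  name: <role-name>
rules:
# Read and update only the named secret.
- apiGroups:
  - ""
  resources:
  - secrets
  resourceNames:
  - <secret-name>
  verbs:
  - get
  - update
# RBAC cannot restrict create by resourceNames, so create gets its own rule.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create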

You'll also need a RoleBinding to bind the above role to the ServiceAccount the application is assigned.

If the secret you want to use is in a different namespace than the application, use a ClusterRole and a ClusterRoleBinding. Note that a ClusterRoleBinding applies the rule in every namespace.
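
How the Role's `resources` and `resourceNames` fields affect the three verbs, as an added example that is not part of the project's code: a simplified, standard-library-only model of RBAC rule matching showing that a singular `secret` resource matches nothing and that `create` is refused when the rule carries `resourceNames`. The `Rule` type, the `Allows` and `Denied` functions and the rule sets are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Rule holds the PolicyRule fields used by the Role (hypothetical type; exact match, no wildcards).
type Rule struct{ APIGroups, Resources, ResourceNames, Verbs []string }

func has(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Allows reports whether a rule permits verb on a core-group resource; empty ResourceNames matches any name.
func Allows(rules []Rule, verb, resource, name string) bool {
	for _, r := range rules {
		nameOK := len(r.ResourceNames) == 0 || has(r.ResourceNames, name)
		if nameOK && has(r.APIGroups, "") && has(r.Resources, resource) && has(r.Verbs, verb) {
			return true
		}
	}
	return false
}

// Denied lists which of get, create and update the rules refuse for the named secret.
func Denied(rules []Rule, secret string) []string {
	denied := []string{}
	// A create is a POST to the collection, so the authorizer sees no object name.
	names := map[string]string{"get": secret, "create": "", "update": secret}
	for _, verb := range []string{"get", "create", "update"} {
		if !Allows(rules, verb, "secrets", names[verb]) {
			denied = append(denied, verb)
		}
	}
	return denied
}

const Secret = "my-acme-secret.secret" // secret name from the usage snippet
var ( // constructed rule sets
	core, rw = []string{""}, []string{"get", "create", "update"}
	Singular = []Rule{{core, []string{"secret"}, []string{Secret}, rw}}
	Named    = []Rule{{core, []string{"secrets"}, []string{Secret}, rw}}
	Split    = []Rule{{core, []string{"secrets"}, []string{Secret}, []string{"get", "update"}}, {core, []string{"secrets"}, nil, []string{"create"}}}
)

func main() { fmt.Println(Denied(Singular, Secret), Denied(Named, Secret), Denied(Split, Secret)) }
```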

License

MIT License. See License for full text.

Documentation

Functions

func KubernetesCache

func KubernetesCache(secret, namespace string, client kubernetes.Interface, deleteGracePeriod int64) autocert.Cache

KubernetesCache returns an autocert.Cache that will store the certificate as a secret in Kubernetes. It accepts a secret name, namespace, kubernetes.Clientset, and grace period (in seconds).
