Hi traefik engineers,
I'm using traefik in a kubernetes environment and am trying to pass automatically generated certificates (through let's encrypt and are stored as json in the
acme.json file) to a deployment or pod as certification files.
As an example have a look at the kubernetes dashboard application: https://github.com/kubernetes/dashboard/blob/master/docs/user/installation.md#recommended-setup
It's one of the use cases where such a scenario is highly recommended in comparison to transferring the data within the cluster unencrypted. Because it's a security vulnerability once a pod in the cluster has gained access to the network traffic.
I'm not a Kubernetes expert, but in case there's no solution for this purpose yet, maybe a volume type CRD which would provide the mounting of certificates in pods from a specified certResolvers and domain.
That's how a simplified pseudo deployment (from the example above) could look like:
apiVersion: apps/v1 kind: Deployment metadata: name: kubernetes-dashboard spec: template: spec: volumes: - name: kubernetes-dashboard-certs certResolver: - name: letsencrypt domains: - main: "example.com" containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.4 ports: - containerPort: 8443 protocol: TCP args: - --tls-cert-file=/tls.crt - --tls-key-file=/tls.key volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs
Thanks for your help.
Awesome proxy BTW!