{"id":24956909,"url":"https://github.com/andrewstuart/kube-gen-certs","last_synced_at":"2025-04-10T19:05:22.214Z","repository":{"id":57578739,"uuid":"62474051","full_name":"andrewstuart/kube-gen-certs","owner":"andrewstuart","description":"Generate kubernetes ingress TLS certificates automatically via Vault","archived":false,"fork":false,"pushed_at":"2018-03-28T05:21:44.000Z","size":24916,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-24T16:46:18.929Z","etag":null,"topics":["automated","certificate","ingress","kubernetes","self-signed","tls","vault"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andrewstuart.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-07-02T23:49:42.000Z","updated_at":"2023-09-22T16:14:19.000Z","dependencies_parsed_at":"2022-09-26T19:11:28.464Z","dependency_job_id":null,"html_url":"https://github.com/andrewstuart/kube-gen-certs","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewstuart%2Fkube-gen-certs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewstuart%2Fkube-gen-certs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewstuart%2Fkube-gen-certs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewstuart%2Fkube-gen-certs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andrewstuart","download_url":"https://codeload.github.com/andrewstuart/kube-gen-certs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248279195,"owners_count":21077406,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automated","certificate","ingress","kubernetes","self-signed","tls","vault"],"created_at":"2025-02-03T06:41:37.963Z","updated_at":"2025-04-10T19:05:17.198Z","avatar_url":"https://github.com/andrewstuart.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kube-gen-certs\n## Generate kubernetes certificates automatically for your ingresses using Vault's PKI functionality\n\nTo have kube-gen-certs create your certificates automatically, either use the\n`-forcetls` option, or annotate your ingresses with `kubernetes.io/tls-vault: \"true\"`.\n\n`kube-gen-certs` will automatically add any tls certificates it does not find,\nand will update certificates as they are about to expire.\n\n### Cluster deployment\n```bash\n# Optional (hosted on docker hub)\n$ make push REG=\"http://docker.astuart.co:5000\" # e.g.\n\n# Edit the dep.yml and/or copy to your personal manifest repo (you have one, right?)\n\n# If you'd like to use configmaps and secrets for the configuration (as dep.yml does by default), then create them as follows, or from manifests wherever you store your config (again, a git repo, right??)\n\n$ kubectl create secret generic vault-creds --from-literal=vault-token=${YOUR_VAULT_TOKEN}\n$ kubectl create configmap vault --from-literal=addr=${YOUR_VAULT_ENDPOINT}\n\n# Uncomment ROOT_CA environment var if vault uses a non-publicly-trusted CA for\n# its own operation (probably, since that's the point)\n\n$ kubectl create secret generic ca --from-file=ca.crt=${PATH_TO_YOUR_CA_CERT}\n\n$ kubectl apply -f dep.yml\n```\n\nUsage of ./kube-gen-certs:\n  -alsologtostderr\n    \tlog to standard error as well as files\n  -forcetls\n    \tforce all ingresses to use TLS if certs can be obtained\n  -incluster\n    \tthe client is running inside a kuberenetes cluster\n  -log_backtrace_at value\n    \twhen logging hits line file:N, emit a stack trace\n  -log_dir string\n    \tIf non-empty, write log files in this directory\n  -logtostderr\n    \tlog to standard error instead of files\n  -self-signed\n    \tself-sign all certificates\n  -stderrthreshold value\n    \tlogs at or above this threshold go to stderr\n  -ttl string\n    \tthe time to live for certificates (default \"240h\")\n  -v value\n    \tlog level for V logs\n  -vault-role string\n    \tthe vault role to use when obtaining certs (default \"vault\")\n  -vmodule value\n    \tcomma-separated list of pattern=N settings for file-filtered logging\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrewstuart%2Fkube-gen-certs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrewstuart%2Fkube-gen-certs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrewstuart%2Fkube-gen-certs/lists"}