kube-cert-http

An adapter that lets Go's net/http package fetch certificates from kubernetes. Works great with github.com/PalmStoneGames/kube-cert-manager, or any other tool that will create tls secrets within your kubernetes cluster (even manually)

Secret format

kube-cert-http picks up all secrets of the type kubernetes.io/tls and will grab the certs from them and make them available for Go to use if it gets a request on that domain. Additionally, the secrets need to have a "domain" label set in their metadata, which corresponds to the domain that the cert/private key should be used for.

Usage

Usage is quite simple, assuming kubectl proxy is running and can be connected to on its default port (8001), you can do as follows:

package main

import (
	"net/http"
	"github.com/PalmStoneGames/kube-cert-http"
	"log"
)

func main() {
	log.Fatal(kubeCertHTTP.ListenAndServeTLS("", kubeCertHTTP.APIHostKubectlProxy, kubeCertHTTP.DefaultNamespace, http.HandlerFunc(handler)))
}

func handler(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte("hello"))
}

Deployment

Setup a deployment with two pods:

• Your application
• Kubectl proxy

You can do this with a deployment that looks like this:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: my-app
  name: my-app
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: my-app
      name: my-app
    spec:
      containers:
        - name: my-app
          image: my-user/my-app:latest
        - name: kubectl-proxy
          image: palmstonegames/kubectl-proxy:1.3.6