An adapter that lets Go's net/http package fetch certificates from kubernetes. Works great with github.com/PalmStoneGames/kube-cert-manager, or any other tool that will create tls secrets within your kubernetes cluster (even manually)
kube-cert-http picks up all secrets of the type kubernetes.io/tls and will grab the certs from them and make them available for Go to use if it gets a request on that domain. Additionally, the secrets need to have a "domain" label set in their metadata, which corresponds to the domain that the cert/private key should be used for.
Usage is quite simple, assuming kubectl proxy is running and can be connected to on its default port (8001), you can do as follows:
package main
import (
"net/http"
"github.com/PalmStoneGames/kube-cert-http"
"log"
)
func main() {
log.Fatal(kubeCertHTTP.ListenAndServeTLS("", kubeCertHTTP.APIHostKubectlProxy, kubeCertHTTP.DefaultNamespace, http.HandlerFunc(handler)))
}
func handler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("hello"))
}
Setup a deployment with two pods:
- Your application
- Kubectl proxy
You can do this with a deployment that looks like this:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: my-app
name: my-app
spec:
replicas: 1
template:
metadata:
labels:
app: my-app
name: my-app
spec:
containers:
- name: my-app
image: my-user/my-app:latest
- name: kubectl-proxy
image: palmstonegames/kubectl-proxy:1.3.6