Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

The project is halted at the moment and has a severe bugg that makes it more or less unusable, please see open issues if you wish to help


Your buddy to keep sslmate certificates synchronized with your Kubernetes cluster

*Reloads it's internal config map every 1 minute
*Checks for new SSLmate certificates to download at start & every 60 minutes

At startup all certs are downloaded and pushed / created according to mappings in configmap

If configmap is updated changes will be propagated within 1 minute

If new SSL certs are added to the privatekey configMap they will be added at the next run ( every 60 minute ) This can be speedup by removing the pod and thereby forcing a complete propagation of all certs.


dep init dep ensure^2.0.0

Local testing

When started in a local docker the K8S clientcmd package is used and will need a config file containing certs / token to talk to a K8S cluster

docker run --rm -it --name k8s-sslmate -e SSLMATE_API_KEY="YourSSLmateAPIkey" -v /path/to/.kube:/opt/.kube roffe/k8s-sslmate

Deployment to K8S

There are deployment manifests included in this repo:


Attention!: k8s-sslmate assumes that the lowercase word 'star' is used for wildcard certificates and will configure SSLmate to act accordingly!

To create a secret containing your privatekeys used with SSLmate issue the following after creating the namespace

kubectl create secret generic sslmate-private-keys --from-file=domain.tld.key --from-file=star.somedomain.tld.key --namespace k8s-sslmate


Creates the namespace k8s-sslmate where the application will be running

kubectl create -f manifests/00-namespace.yaml


Edit to suit your needs. The mapping is very simple where the domain name is the key and a comma separated list after is the namespaces to deploy the CERTs to.

kubectl create -f manifests/01-configmap.yaml


Base64 encode your SSLmate API key and insert into the template. then create with

kubectl create -f manifests/02-sslmate-api-key.yaml


The actuall deployment. It will reference your sslmate-api-key secret and use as a environment variable

k8s-sslmate CLI reference


Set the SSLmate cert directory, default /etc/sslmate/keys/


Set the SSLmate key directory, default /etc/sslmate/keys/


Set the path to your kubernetes config, default /opt/.kube/config


Your buddy to keep sslmate certs in sync with kubernetes cluster



No releases published


No packages published
You can’t perform that action at this time.