How to create tls secret from existing k8s secret object

8/8/2019

I want to do a tls termination on my nginx-ingress controller using helm. How do I reference a secret or create a secret object of type kubernetes.io/tls from another secret that was already created and has .crt and .key as its values?

I have an application running on multiple microservices. I am creating a helm chart to deploy all the microservices. One of the services is called config-init, which is a job responsible for creating all the configurations. One of the files it creates includes a configMap and a secret object. Both have the same name, say gluu.

The problem I am having is I can't seem to automate the part shown below.

tls-secret.sh

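# Pull the base64-encoded certificate out of the existing "gluu" secret
# and decode it to ingress.crt, unless the file is already there.
if [ ! -f ingress.crt ]; then
    kubectl get secret gluu -o json \
    | grep '"ssl_cert' \
    | awk -F '"' '{print $4}' \
    | base64 --decode > ingress.crt
fi

# Same for the private key.
if [ ! -f ingress.key ]; then
    kubectl get secret gluu -o json \
    | grep '"ssl_key' \
    | awk -F '"' '{print $4}' \
    | base64 --decode > ingress.key
fi

# Create the kubernetes.io/tls secret from the two decoded files.
kubectl create secret tls tls-certificate --key ingress.key --cert ingress.crt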

The above file gets the ssl_cert and ssl_key from the already created secret object and then creates a new tls type object using the kubectl command. Then the created tls-certificate will be used in the ingress as shown below:

spec:
  tls:
    - hosts:
      - {{ .Values.global.host }}
      secretName: {{ .Values.global.tlsSecret }}  # tls-certificate

The problem is that this needs to be automated using helm.

I expect to automate the tls-secret.sh steps in helm since we can't do kubectl create ... in helm.

Any leads, suggestions are highly welcome.

-- Shammir
kubernetes-helm
lets-encrypt
nginx-ingress
ssl
tls1.2
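
One way to do what tls-secret.sh does without decoding the private key to ingress.key on disk, as an added example that is not part of the original post: Secret data is already base64, so after a sanity check the values can be copied straight into a kubernetes.io/tls manifest. The function names, the exact key names ssl_cert and ssl_key, and the sample values are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumes the source Secret stores
# the PEM data under the keys ssl_cert and ssl_key, as the question describes.

# pem_kind B64 -> prints cert, key or invalid for a base64-encoded PEM value.
pem_kind() {
    local first_line
    case "$1" in ''|*[!A-Za-z0-9+/=]*) echo invalid; return ;; esac
    first_line=$(printf '%s' "$1" | base64 --decode 2>/dev/null | head -n 1 | tr -d '\r')
    case "$first_line" in
        "-----BEGIN CERTIFICATE-----") echo cert ;;
        "-----BEGIN "*"PRIVATE KEY-----") echo key ;;
        *) echo invalid ;;
    esac
}

# render_tls_secret NAME CERT_B64 KEY_B64 -> manifest on stdout. Secret data is
# already base64, so the values are copied as-is and the key never touches disk.
render_tls_secret() {
    local name="$1" cert_b64="$2" key_b64="$3"
    [ "$(pem_kind "$cert_b64")" = cert ] || { echo "not a PEM certificate" >&2; return 1; }
    [ "$(pem_kind "$key_b64")" = key ] || { echo "not a PEM private key" >&2; return 1; }
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/tls
data:
  tls.crt: $cert_b64
  tls.key: $key_b64
EOF
}

# copy_tls_secret SRC DST: needs kubectl and cluster access; the demo does not call it.
copy_tls_secret() {
    local cert key manifest
    cert=$(kubectl get secret "$1" -o jsonpath='{.data.ssl_cert}') || return 1
    key=$(kubectl get secret "$1" -o jsonpath='{.data.ssl_key}') || return 1
    manifest=$(render_tls_secret "$2" "$cert" "$key") || return 1
    printf '%s\n' "$manifest" | kubectl apply -f -
}

# Constructed sample values (PEM framing only, not a real certificate or key).
SAMPLE_CERT=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' | base64 | tr -d '\n')
SAMPLE_KEY=$(printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' | base64 | tr -d '\n')
render_tls_secret tls-certificate "$SAMPLE_CERT" "$SAMPLE_KEY"
```

In a chart, `copy_tls_secret gluu tls-certificate` could run in a Job that starts after config-init, under a service account allowed to get and create secrets in the namespace.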

0 Answers