Trustbuilder is a custom controller and custom resource that automatically creates stores for trusted certificates, which include PEM files and Java Keystore (JKS) files. The custom resource CertificatePackage defines an output certificate store and a selector that identifies which secrets/configmaps contain certificates that should be added to that certificate store.
resourceType: "output resource type (secret/configmap) - required"
resourceName: "output resource name - required"
key: "key within the output resource data to place the certificate store - required"
passwordSecret: "secret containing the password to sign JKS keystore with - required for JKS type only"
passwordSecretKey: "key within the passwordSecret containing the password data - required for JKS type only"
addClusterCA: "(true/false) include the cluster CA in the certificate store. Default: false"
selector: "label selector that selects which secrets contain the source trusted certificates"
Secrets and ConfigMaps to be used as sources of trusted certificates should have the annotation trustbuilder.directv.com/trustedcertificate: "true" in addition to a common set of labels that match the selector in the CertificatePackage object.
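The selection rule described above, as an added sketch that is not Trustbuilder's own code: a source feeds the store only if it carries the annotation and matches every selector label. The `Source` type, `fakePEM`, `BuildBundle`, the sample objects and the `trust` label are assumptions for illustration; the selector is modelled as plain equality labels, and dropping non-certificate blocks and duplicates is a choice made in this example.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

const trustAnnotation = "trustbuilder.directv.com/trustedcertificate" // from the README
// Source is a hypothetical, simplified stand-in for a Secret or ConfigMap.
type Source struct {
	Name                string
	Labels, Annotations map[string]string
	Data                string // PEM text stored under one data key
}
// fakePEM wraps constructed placeholder bytes (not real DER) in PEM armor.
func fakePEM(typ, body string) string { return string(pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: []byte(body)})) }
// Constructed samples: only "corp-ca" has both the annotation and the label.
var samples = []Source{
	{"corp-ca", map[string]string{"trust": "web"}, map[string]string{trustAnnotation: "true"},
		fakePEM("CERTIFICATE", "ca-1") + fakePEM("PRIVATE KEY", "k") + fakePEM("CERTIFICATE", "ca-1")},
	{"label-only", map[string]string{"trust": "web"}, nil, fakePEM("CERTIFICATE", "ca-2")},
	{"other-team", map[string]string{"trust": "db"}, map[string]string{trustAnnotation: "true"}, fakePEM("CERTIFICATE", "ca-3")},
}

// BuildBundle returns the PEM bundle and the names of the sources that fed it.
func BuildBundle(sources []Source, selector map[string]string) (bundle string, used []string) {
	var out strings.Builder
	seen := map[string]bool{}
	for _, s := range sources {
		ok := s.Annotations[trustAnnotation] == "true" // annotation is mandatory
		for k, v := range selector {
			got, has := s.Labels[k]
			ok = ok && has && got == v // every selector label must match
		}
		if !ok {
			continue
		}
		used = append(used, s.Name)
		for b, rest := pem.Decode([]byte(s.Data)); b != nil; b, rest = pem.Decode(rest) {
			if b.Type == "CERTIFICATE" && !seen[string(b.Bytes)] { // no keys, no duplicates
				seen[string(b.Bytes)] = true
				out.Write(pem.EncodeToMemory(b))
			}
		}
	}
	return out.String(), used
}

func main() { fmt.Println(BuildBundle(samples, map[string]string{"trust": "web"})) }
```

Listing the contributing source names this way is a quick check on which objects are able to add a CA to a given store.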
make install
make deploy IMG=<trustbuilder-image-tag>
*Developed using the Kubebuilder Framework, https://github.com/kubernetes-sigs/kubebuilder