I have a confession. I'm running a virtual F5 at home as a lab device and ingress controller but it does not have any legitimate management certificate.
<Pause for rotten tomatoes...>
However, I do run a Kubernetes cluster with cert-manager, and it automates certificate signing via Let's Encrypt and GCP, so I figured maybe it'd be nice to write some sort of K8s Webhook or BatchJob which manages certificates on F5 devices.
I know there are ACME scripts for this and code examples using e.g. Python, but I want to do this in my Kubernetes cluster.
My questions are:
Has anyone done this before? If so, want to share the code?
If not, would anyone be interested in using this?
Naturally it'd be published on GitHub like all the other things I do, if I do it.
You're wanting to have a process in your cluster to manage/automate the certs on BIG-IP for container ingress services? I'm not sure all the pieces are there, but Sebastian wrote up using Vault and AS3 in that regard; maybe something in there is helpful toward achieving that?
I've found AS3 a bit challenging to use in cases with shared partitions, as it seems like it has to manage the whole partition, but my experience is very limited so I hope I'm wrong.
In this case it'd be ad-hoc cert management with the following DoD:
Can I do this with AS3?
Made some progress. Now I have a script to manage the management certificate:
Next step is to find a smart way to manage the certificates using Kubernetes. Leaning towards a configmap and a batchjob/webhook. Suggestions welcome!