This repository contains a deployment using
Consul Template to continuously poll
Consul Connect CA Roots and
then update ConfigMaps in Kubernetes in one namespace or more with the CA roots.
These ConfigMaps can then be mounted directly into your pods that require the CA to talk to Consul
Agents.
This setup works well with a Consul Cluster deployed via the official HashiCorp Consul Helm Chart.
This is an alternative to an issue filed with
consul-k8s.
The docker image located in docker/ is basically just Consul Template with kubectl installled.
It is pushed to
basisai/consul-autoencrypt-k8s.
The "official" way to install this deployment is via the Helm Chart.
Note: Uninstalling the Helm chart will not clean up the ConfigMaps created. It is recommended
that you set .Values.consul.configMaps.labels with something unique and then you can discover all
the ConfigMaps to delete.
Using the default value
# List ConfigMaps
kubectl get configmaps -l app="consul-connect-ca" --all-namespaces
# Delete ConfigMaps
kubectl delete configmaps -l app="consul-connect-ca" --all-namespaces