Public | Automated Build

Last pushed: 24 days ago
Short Description
sslmate kubernetes system
Full Description


Your buddy to keep sslmate certificates synchronized with your Kubernetes cluster

Reloads it's internal config map every 1 minute Checks for new SSLmate certificates to download at start & every 60 minutes

At startup all certs are downloaded and pushed / created according to mappings in configmap

If configmap is updated changes will be propagated within 1 minute

If new SSL certs are added to the privatekey configMap they will be added at the next run ( every 60 minute )
This can be speedup by removing the pod and thereby forcing a complete propagation of all certs.


go get -u
dep init
dep ensure^2.0.0  

Local testing

When started in a local docker the K8S clientcmd package is used and will need a config file containing certs / token to talk to a K8S cluster

docker run --rm -it --name k8s-sslmate -e SSLMATE_API_KEY="YourSSLmateAPIkey" -v /path/to/.kube:/opt/.kube pasientskyhosting/k8s-sslmate

Deployment to K8S

There are deployment manifests included in this repo:


Attention!: k8s-sslmate assumes that the lowercase word 'star' is used for wildcard certificates and will configure SSLmate to act accordingly!

To create a secret containing your privatekeys used with SSLmate issue the following after creating the namespace

kubectl create secret generic sslmate-private-keys --from-file=domain.tld.key --from-file=star.somedomain.tld.key --namespace k8s-sslmate


Creates the namespace k8s-sslmate where the application will be running

kubectl create -f manifests/00-namespace.yaml


Edit to suit your needs. The mapping is very simple where the domain name is the key and a comma separated list after is the namespaces to deploy the CERTs to.

kubectl create -f manifests/01-configmap.yaml


Base64 encode your SSLmate API key and insert into the template. then create with

kubectl create -f manifests/02-sslmate-api-key.yaml


The actuall deployment. It will reference your sslmate-api-key secret and use as a environment variable

k8s-sslmate CLI reference


Set the SSLmate cert directory, default /etc/sslmate/keys/


Set the SSLmate key directory, default /etc/sslmate/keys/


Set the path to your kubernetes config, default /opt/.kube/config

Docker Pull Command
Source Repository