I've been using this project on GKE for ~2 weeks now in combination with the nginx ingress controller.
I have it configured to use the DNS challenge to get new certs so I don't have to expose an extra port as well.
It feels liberating to just get an SSL cert for any subdomain I need and have the whole process abstracted from me.
I thought I wanted this for a long time, but `kube-lego` gets me very similar results... without needing to inject credentials for my DNS provider to my cluster.
I'm curious if others have thoughts on this vs kube-lego. (I would agree that I like the approach of this project quite a bit more than kelseyhightower's. This feels more complete, works with far more providers, etc.)
Whoa! This is really great! Thank you for this (and to think I was excited to see the Caddy secret backend, this is way better IMO)!
edit: Oh my, and I can use this for the HTTP challenge and still use it with other Ingress controllers. I'd love to buy you a beer/rootbeer or something, I'm so tickled to have this!
* it does not support subdomains (only root domains)
* it only supports googlecloud as DNS provider
* Bugs and PRs remain unanswered/unmerged
Meanwhile the linked project supports HTTP, SNI and DNS challenges, with around 20 or so DNS providers available. It also supports managing certs for ingress objects directly.
Does it support multiple SANs on a single cert? I want to streamline things like vanity domain redirections, where every domain I add requires me to refresh the cert.