[Feature]: Add support for kubernetes.io/tls in clientCASecret and serverCASecret #5519

@71g3pf4c3

Is there an existing issue already for this feature request/idea?

  • I have searched for an existing issue, and could not find anything. I believe this is a new feature request to be evaluated.

What problem is this feature going to solve? Why should it be added?

Currently serverCASecret and clientCASecret use secrets with fields ca.crt and ca.key, which is incompatible with secrets of type kubernetes.io/tls.

Describe the solution you'd like

Support for fields tls.key and tls.crt in serverCASecret and clientCASecret with kubernetes.io/tls secret type, either by checking fields or by checking secret type.

Describe alternatives you've considered

Kyverno mutation hooks or other solutions to transform objects

Additional context

Certificates generated with cert-manager consist of fields tls.crt, tls.key and ca.crt, even if a CA certificate is created. The issue is that the secret must somehow be transformed with added fields ca.key = tls.key and ca.crt = tls.crt.
The only related issue with similar context I found was #2841.

Backport?

Yes

Are you willing to actively contribute to this feature?

No

Code of Conduct

  • I agree to follow this project's Code of Conduct
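The field mapping this request describes, sketched as an added example that is not part of the original issue or the project's code: it picks the CA pair by secret type or by fields, then emits an Opaque Secret with ca.crt and ca.key. The function names, the sample Secret, its name and namespace, and the placeholder values are constructed for illustration.

```python
import base64
import json

TLS_TYPE = "kubernetes.io/tls"


def b64(text):
    """Encode a string the way Secret .data values are stored."""
    return base64.b64encode(text.encode()).decode()


def resolve_ca_pair(secret):
    """Return the (cert, key) field names that hold the CA pair.

    Checks the secret type first, then falls back to checking fields.
    A ca.crt without a ca.key is not a usable CA pair.
    """
    data = secret.get("data") or {}
    if secret.get("type") == TLS_TYPE or ("ca.key" not in data and "tls.key" in data):
        pair = ("tls.crt", "tls.key")
    else:
        pair = ("ca.crt", "ca.key")
    missing = [field for field in pair if not data.get(field)]
    if missing:
        raise ValueError("secret is missing fields: " + ", ".join(missing))
    return pair


def to_ca_secret(secret, name):
    """Build an Opaque Secret with ca.crt = tls.crt and ca.key = tls.key."""
    cert_field, key_field = resolve_ca_pair(secret)
    data = secret["data"]
    namespace = secret.get("metadata", {}).get("namespace", "default")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        # Values stay base64-encoded; only the field names change.
        "data": {"ca.crt": data[cert_field], "ca.key": data[key_field]},
    }


# Constructed sample shaped like the secret described in the issue.
CERT_MANAGER_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": TLS_TYPE,
    "metadata": {"name": "example-ca", "namespace": "db"},
    "data": {"tls.crt": b64("PLACEHOLDER-CA-CERT"), "tls.key": b64("PLACEHOLDER-CA-KEY"),
             "ca.crt": b64("PLACEHOLDER-CA-CRT-FIELD")},
}

if __name__ == "__main__":
    print(json.dumps(to_ca_secret(CERT_MANAGER_SECRET, "example-ca-compat"), indent=2))
```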
