How do I automate creation/renewal of certs with Kubernetes

Similar questions have been asked before, I am not sure if I understood the answers.

I have created the wildcard certs for my domain on my local laptop, created a Kubernetes secret and applied that to the ingress controller.

I want to automate the renewal: every 90 days, I want a CI/CD pipeline to get new certs and update the secret.

My questions are (and I am trying to think through the automation process):

  • do I upload the certs/keys to a bucket
  • create a certbot container in a CI/CD pipeline, download the contents from the bucket
  • renew the certs
  • update the kubernetes secrets
  • upload the new certs/keys to the bucket?

Is there a better way to automate the process?
Is there any flaw (security, permissions etc.)?
Can I incorporate the certbot Docker image (somehow, so I don’t have to maintain my own image)?

I am new to Let's Encrypt, and I might not be asking all the right questions.

Thanks
Rajesh
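The pipeline sketched in the question (renew with certbot, then refresh the TLS Secret), as an added example that is not part of the original post or of the certbot or Kubernetes projects; it pulls the official certbot/certbot image rather than a self-maintained one and pipes the private key straight into kubectl instead of copying it into the job workspace. It assumes docker, kubectl and openssl on the CI runner; the directory, domain, Secret and namespace names and the 30-day threshold are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: renew a wildcard certificate in a
# CI job and push it into the TLS Secret the Ingress references. All paths,
# names, the 30-day threshold and the DNS plugin handling are assumptions.
set -eu

CERT_DIR="${CERT_DIR:-$PWD/letsencrypt}"   # certbot state, persisted between jobs
DOMAIN="${DOMAIN:-example.com}"            # placeholder domain
SECRET_NAME="${SECRET_NAME:-wildcard-tls}"
NAMESPACE="${NAMESPACE:-ingress-nginx}"

# Succeeds (exit 0) when the certificate expires within $2 days, or cannot be read.
cert_expires_within() {                    # usage: cert_expires_within cert.pem 30
  if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Print a kubernetes.io/tls Secret manifest built from PEM files. The key is
# read straight from certbot's directory and never copied into the workspace.
render_tls_secret() {                      # usage: render_tls_secret NAME NAMESPACE cert.pem key.pem
  name="$1"; ns="$2"; crt="$3"; key="$4"
  grep -q -- '-----BEGIN CERTIFICATE-----' "$crt" || { echo "not a PEM certificate: $crt" >&2; return 1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || { echo "not a PEM private key: $key" >&2; return 1; }
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: kubernetes.io/tls\ndata:\n  tls.crt: %s\n  tls.key: %s\n' \
    "$name" "$ns" "$(base64 < "$crt" | tr -d '\n')" "$(base64 < "$key" | tr -d '\n')"
}

main() {
  live="$CERT_DIR/live/$DOMAIN"
  if cert_expires_within "$live/fullchain.pem" 30; then
    # Official certbot image instead of a self-maintained one. A wildcard cert
    # renews via DNS-01, so in practice the matching certbot/dns-<provider>
    # image and its API credentials are needed here (placeholder below).
    docker run --rm -v "$CERT_DIR:/etc/letsencrypt" certbot/certbot renew --non-interactive
  fi
  # Apply idempotently; the job's service account only needs RBAC for
  # get/create/patch on this single Secret in this single namespace.
  manifest="$(render_tls_secret "$SECRET_NAME" "$NAMESPACE" "$live/fullchain.pem" "$live/privkey.pem")"
  printf '%s\n' "$manifest" | kubectl apply -f -
}

# Run only when invoked as the renewal job (so the functions can be sourced/tested).
if [ "${RUN_RENEWAL:-0}" = "1" ]; then
  main
fi
```

With this layout only the certbot state directory needs to round-trip through the bucket, and the bucket and the cluster Secret are the only two places the key lives.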