Show HN: Kubernetes Certificate Manager – Native Let's Encrypt Integration

I&#x27;ve been using kube-lego [0] to request&#x2F;renew certs from LE. It doesn&#x27;t handle the DNS for you automatically, which has the benefit of working outside of GKE and downside of having to configure DNS yourself. It&#x27;s been working well.<p>[0] <a href="https:&#x2F;&#x2F;github.com&#x2F;jetstack&#x2F;kube-lego" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jetstack&#x2F;kube-lego</a>

This is cool. I also wrote a Marathon&#x2F;Mesos version, without the vendor lock-in: <a href="https:&#x2F;&#x2F;mesosphere.com&#x2F;blog&#x2F;2016&#x2F;04&#x2F;06&#x2F;lets-encrypt-dcos&#x2F;" rel="nofollow">https:&#x2F;&#x2F;mesosphere.com&#x2F;blog&#x2F;2016&#x2F;04&#x2F;06&#x2F;lets-encrypt-dcos&#x2F;</a>

I&#x27;m proposing an exec based plugin system for the Kubernetes Certificate Manager. Ideally this will make it easy to support any DNS provider written in any language.<p>The goal is to push all DNS providers, including the Google DNS provider, to exec plugins that live out of tree. To ease deployments the &quot;official&quot; Kubernetes Certificate Manager container will include a few DNS providers via exec plugins out of the box. There will be instructions on how to build new containers with additional providers for custom deployments. More details soon.<p>See the proposed exec based plugin model: <a href="https:&#x2F;&#x2F;github.com&#x2F;kelseyhightower&#x2F;dns01-exec-plugins" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;kelseyhightower&#x2F;dns01-exec-plugins</a>

What needs to be done for this to not have the Google requirements?

This requires a registered DNS domain managed by Google Cloud DNS -- I wonder how much work it would take to make that also work with AWS Route53?

I was wondering when someone would try that. I built a k8s cluster from the CoreOS tutorials. Generating certs had contributed to the friction.

Very cool. Just started looking for a solution here, and wasn&#x27;t sold on the Ingress-based approach of kube-lego; I want to be able to do HTTPS-to-the-Pod, so terminating on the Ingress is a no-go for my use-case.<p>Also great work Kelsey on providing a solid example of how to structure a complex k8s integration.

I actually clicked the link hoping to see a good example of how to extend Kubernetes and I was not disappointed. I&#x27;m thinking of writing a plugin that registers DNS names based on a custom annotation on a Service resource.