Open
Description
Hey all! I wonder if you would consider adding a sidecar proxy to the feature list of Autocert.
I was thinking that:
- on an annotation (autocert.step.sm/inject: true), the operator could add the sidecar (e.g. Envoy) and provide certificates.
- The sidecar pod mounts certificates, takes on the network and does TLS proxy passthrough
- Optionally, the proxy is able to refresh itself when certs are renewed
This is very close to a service mesh, I know, but a LOT simpler, and it could resolve use cases in which the application cannot present certificates or auto-refresh when certificates are renewed.
Both ways (with sidecar/without sidecar) could still work together.
I might be interested in contributing to that if you consider it worthwhile/doable.
Regards,
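
A sketch of the opt-in injection step proposed above, added here as an illustration; it is not Autocert code and not part of the original post. It shows the decision a mutating admission webhook would make for a pod and the JSON Patch it would return. Only the annotation key comes from the issue; the sidecar name, image, port and mount path are hypothetical placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// The annotation key is the one proposed in the issue. The sidecar name,
// image, port and mount path are hypothetical placeholders.
const injectAnnotation = "autocert.step.sm/inject"
const sidecarName = "tls-proxy"

// sidecarPatch builds the JSON Patch a mutating admission webhook would return.
// Annotation values are strings in Kubernetes, so the opt-in is parsed strictly:
// a malformed value is an error, not a silent skip. nil means "no change".
func sidecarPatch(ann map[string]string, containers []string, certVolume string) ([]byte, error) {
	raw, ok := ann[injectAnnotation]
	if !ok {
		return nil, nil
	}
	inject, err := strconv.ParseBool(raw)
	if err != nil {
		return nil, fmt.Errorf("annotation %s=%q: %w", injectAnnotation, raw, err)
	}
	for _, c := range containers {
		if c == sidecarName {
			inject = false // already injected: keep the mutation idempotent
		}
	}
	if !inject {
		return nil, nil
	}
	sidecar := map[string]interface{}{
		"name": sidecarName, "image": "registry.example/envoy:PLACEHOLDER",
		"ports": []map[string]interface{}{{"name": "https", "containerPort": 8443}},
		"volumeMounts": []map[string]interface{}{
			{"name": certVolume, "mountPath": "/certs", "readOnly": true}},
		"securityContext": map[string]interface{}{
			"runAsNonRoot": true, "allowPrivilegeEscalation": false},
	}
	return json.Marshal([]map[string]interface{}{
		{"op": "add", "path": "/spec/containers/-", "value": sidecar}})
}

func main() {
	p, err := sidecarPatch(map[string]string{injectAnnotation: "true"}, []string{"app"}, "certs")
	fmt.Println(string(p), err)
}
```

In a pod manifest the annotation value has to be quoted (`"true"`), because Kubernetes rejects non-string annotation values. The certificate volume is mounted read-only so the proxy container cannot modify the key material it serves.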