fetch-k8s-cert/config-example.yaml at master · rossigee/fetch-k8s-cert · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# Example configuration for fetch-k8s-cert v2.1.6

# Kubernetes API configuration
k8sAPIURL: https://your.cluster.address:6443
k8sCACertFile: /etc/pki/tls/ca.crt
skipTLSVerification: false

# Authentication
token: eyJhbGciOiJSUzI1NiIs...  # JWT token from service account

# Target secret
namespace: yournamespace
secretName: service-tls

# Local file paths
localCAFile: /etc/pki/tls/service-ca.pem
localCertFile: /etc/pki/tls/service-cert.pem
localKeyFile: /etc/pki/tls/service-key.pem

# Service reload command
reloadCommand: "systemctl restart yourservice"

# Certificate handling
useIntermediateCA: true

# Observability configuration (optional)
observability:
  # Logging
  logLevel: info                    # debug, info, warn, error
  logFormat: json                   # text, json
  logToFile: false                  # enable file logging
  logFile: /var/log/fetch-k8s-cert.log
  enableStructured: true           # structured logging fields

  # Metrics (Prometheus)
  enableMetrics: true               # enable metrics server
  metricsPort: 8080                 # metrics server port
  metricsPath: /metrics             # metrics endpoint path
  metricsAddress: 0.0.0.0           # bind address

  # Tracing (OpenTelemetry)
  enableTracing: true               # enable distributed tracing
  tracingEndpoint: http://localhost:4318  # OTLP endpoint (path /v1/traces added if not present)
  tracingHeaders:                   # additional headers
    Authorization: "Bearer <token>"
  tracingSampling: 1.0              # sampling ratio (0.0-1.0)