https://github.com/jetstack/kube-lego
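This feature is really practical.
These days, if a website doesn't have HTTPS, Chrome flags it as not secure right away, and certificates cost money!
Free certificates do exist, though: Let's Encrypt.
But each one is valid for at most 3 months, and you still have to renew it manually.
kube-lego can take care of renewing them for us automatically.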
Features
- Recognizes the need for a new certificate in these cases:
  - No certificate exists
  - The existing certificate does not contain all domain names
  - The existing certificate is expired or near its expiry date (cf. option LEGO_MINIMUM_VALIDITY)
  - The existing certificate is unparseable, invalid or does not match the secret key
- Creates a user account (incl. private key) for Let's Encrypt and stores it in Kubernetes secrets (the secret name is configurable via LEGO_SECRET_NAME)
- Obtains the missing certificates from Let's Encrypt and authorizes the request with the HTTP-01 challenge
- Makes sure that the specific Kubernetes objects (Services, Ingress) contain the right configuration for the HTTP-01 challenge to succeed
- Official Kubernetes Helm chart for simple deployment.
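
The four "new certificate needed" cases from the feature list, written out as a check in Go. This is an added example, not kube-lego's own code: `needsNewCert` and `makeCert` are hypothetical names, `minValidity` stands in for the LEGO_MINIMUM_VALIDITY option, and the certificate is a self-signed sample constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// needsNewCert (hypothetical helper) reports whether a renewal is required and why.
func needsNewCert(certPEM, keyPEM []byte, domains []string, minValidity time.Duration, now time.Time) (bool, string) {
	if len(certPEM) == 0 {
		return true, "no certificate"
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // fails on bad PEM or when the key does not match
	if err != nil {
		return true, "unparseable or key mismatch"
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // already parsed once by X509KeyPair
	for _, d := range domains {
		if leaf.VerifyHostname(d) != nil { // checks the SAN entries of the certificate
			return true, "missing domain " + d
		}
	}
	if leaf.NotAfter.Sub(now) < minValidity {
		return true, "expired or near expiry"
	}
	return false, "ok"
}

// makeCert builds a constructed self-signed sample certificate (demo input only).
func makeCert(names []string, notAfter time.Time) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names, NotBefore: notAfter.Add(-90 * 24 * time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	kb, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kb})
}

func main() {
	c, k := makeCert([]string{"a.example.com"}, time.Now().Add(10*24*time.Hour))
	fmt.Println(needsNewCert(c, k, []string{"a.example.com"}, 30*24*time.Hour, time.Now()))
}
```

A certificate that fails the key-match test is treated the same as an unparseable one, so a secret whose key was replaced without its certificate also triggers a new request.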