nginx · javorszky · Oct 28, 2025 · Nov 4, 2025 · Nov 10, 2025 · Nov 12, 2025
@@ -82,7 +82,7 @@ runs:
         -v "/var/run/docker.sock:/var/run/docker.sock" \
         -v ~/.docker:/root/.docker \
         -v ${{ github.workspace }}/tests:/workspace/tests \
-        -v ${{ github.workspace }}/examples/common-secrets:/workspace/examples/common-secrets \
+        -v ${{ github.workspace }}/common-secrets:/workspace/common-secrets \
         -v ${{ github.workspace }}/deployments:/workspace/deployments \
         -v ${{ github.workspace }}/charts:/workspace/charts \
         -v ${{ github.workspace }}/config:/workspace/config \

@@ -54,6 +54,10 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 
+      - name: Generate TLS certificates
+        run: |
+          make certs
+
       - name: Set image variables
         id: image_details
         run: |

@@ -64,3 +64,7 @@ package.json
 # kind kube-config
 kube-local
 venv/
+
+# generated tls certificates
+common-secrets/*
+!common-secrets/.gitkeep
@@ -264,3 +264,11 @@ update-crd-docs: ## Update CRD markdown documentation from YAML definitions
 	@echo "Generating CRD documentation..."
 	@go run hack/generate-crd-docs.go -crd-dir config/crd/bases -output-dir docs/crd
 	@echo "CRD documentation updated successfully!"
+
+.PHONY: certs
+certs: ## Create just in time TLS certificates needed for tests and examples
+ifeq (, $(shell command -v go))
+	docker run --rm -v .:/workspace/kubernetes-ingress -w /workspace/kubernetes-ingress golang:1.25.4-trixie make certs
+else
+	make -C hack/tls-cert-gen run
+endif
@@ -0,0 +1,34 @@
+common-secrets/*.yaml
+custom-resources/api-key/cafe-secret.yaml
+custom-resources/backup-directive/transport-server/app-tls-secret.yaml
+custom-resources/backup-directive/virtual-server/cafe-secret.yaml
+custom-resources/basic-auth/cafe-secret.yaml
+custom-resources/basic-configuration/cafe-secret.yaml
+custom-resources/cache-policy/cafe-secret.yaml
+custom-resources/cross-namespace-configuration/cafe-secret.yaml
+custom-resources/custom-ip-listeners/virtualserver/cafe-secret.yaml
+custom-resources/custom-listeners/cafe-secret.yaml
+custom-resources/egress-mtls/egress-mtls-secret.yaml
+custom-resources/external-dns/cafe-secret.yaml
+custom-resources/externalname-services/transport-server/app-tls-secret.yaml
+custom-resources/foreign-namespace-upstreams/cafe-secret.yaml
+custom-resources/grpc-upstreams/greeter-secret.yaml
+custom-resources/ingress-mtls/tls-secret.yaml
+custom-resources/jwks/tls-secret.yaml
+custom-resources/oidc-fclo/tls-secret.yaml
+custom-resources/oidc/tls-secret.yaml
+custom-resources/rate-limit-tiered-jwt-claim/cafe-secret.yaml
+custom-resources/service-insight/service-insight-secret.yaml
+custom-resources/tls-passthrough/app-tls-secret.yaml
+custom-resources/transport-server-sni/cafe-secret.yaml
+custom-resources/transport-server-sni/mongo-secret.yaml
+ingress-resources/app-protect-dos/webapp-secret.yaml
+ingress-resources/app-protect-waf/cafe-secret.yaml
+ingress-resources/basic-auth/cafe-secret.yaml
+ingress-resources/complete-example/cafe-secret.yaml
+ingress-resources/mergeable-ingress-types/cafe-secret.yaml
+ingress-resources/proxy-set-headers/mergeable-ingress/cafe-secret.yaml
+ingress-resources/proxy-set-headers/standard-ingress/cafe-secret.yaml
+ingress-resources/rate-limit/cafe-secret.yaml
+ingress-resources/security-monitoring/cafe-secret.yaml
+shared-examples/default-server-secret/default-server-secret.yaml