Allow arbitrary secret names for certificates

[Cryptophobia]

From @gerred on October 6, 2016 15:6

https://github.com/PalmStoneGames/kube-cert-manager is opinionated in its secret name creation with its TPR, as is Deis in secret name usage for certificates. (append with -cert).

We should support any arbitrary secret name to make compatibility with other community tools easier.

Copied from original issue: deis/router#273

[Cryptophobia]

From @krancour on October 6, 2016 16:28

This seems like a good idea.

If I can propose how we'd do this...

My thought is that the annotations on a routable service could reference a secret by name, and the router would use that, if specified. (This would work nicely for people using router without Workflow.) Otherwise, the router would look for the secret using the same naming convention as it does today.

@gerred how does that compare to your own thoughts on this?

[Cryptophobia]

From @gerred on October 6, 2016 16:30

@krancour that looks great 👍 I was trying to sort out how to make our convention backwards portable, and I think that does it. I'll try to whip up a PR today.

Would this be under the same annotation key you think?

[Cryptophobia]

From @krancour on October 6, 2016 16:55

Would this be under the same annotation key you think?

Not sure what you mean.

I'm imagining a new annotation on a routable service. The value of that annotation, if present, just references the secret by name.

[Cryptophobia]

From @gerred on October 6, 2016 16:56

We're on the same page then. I wasn't sure if we were talking about having logic to try to "guess" based on the existing annotation.

[Cryptophobia]

From @krancour on October 6, 2016 16:57

Nope. No guessing.