[dynamic infra] Manage SSL certificates
Closed, Migrated

Description

We need a way to manage the SSL certificates for the ingresses that need them (argo, reaper, thanos services, ...)

@olasd suggested that we could reuse the current letsencrypt mechanism we have in place and add a new hook that commits the generated certificate to a Kubernetes secret at the right place

We have a couple of hooks today:
https://forge.softwareheritage.org/source/puppet-swh-site/browse/production/site-modules/profile/templates/letsencrypt/

Pending questions:

  • How to configure the secret(s) where the certificate must be stored
    • Possible solutions:
      • use the domain name to name the secret
      • grep for a label on the secret containing the domain name
      • configure the path on the puppet configuration (like the
  • How to bootstrap a certificate secret placeholder?
    • but how to give the configuration to the underlying script?
  • ...
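
A sketch of what such a hook could emit, combining the first two naming options listed above (secret named after the domain, plus a label carrying the domain). This is an added example, not code from the existing Software Heritage hooks; the label key, the `argocd` namespace, the `example.org` domain and the sample PEM data are assumptions constructed for illustration.

```python
import base64
import json
import re

# Assumption: hypothetical label key; the task does not name one.
DOMAIN_LABEL = "example.org/certificate-domain"
DNS1123 = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*")

# Constructed placeholder PEM data, not a real certificate or key.
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"


def secret_name_for(domain: str) -> str:
    """Map a certificate domain to a valid Secret name (DNS-1123 subdomain)."""
    name = domain.lower().rstrip(".")
    if name.startswith("*."):  # '*' is not allowed in object names or label values
        name = "wildcard." + name[2:]
    # 63 is the label-value limit, stricter than the 253 allowed for names.
    if len(name) > 63 or not DNS1123.fullmatch(name):
        raise ValueError(f"cannot derive a secret name from {domain!r}")
    return name


def build_tls_secret(domain: str, namespace: str, cert_pem: bytes, key_pem: bytes) -> dict:
    """Return a kubernetes.io/tls Secret manifest for the given certificate."""
    # Refuse swapped or wrong inputs so a private key never lands in tls.crt.
    if b"-----BEGIN CERTIFICATE-----" not in cert_pem or b"PRIVATE KEY-----" in cert_pem:
        raise ValueError("cert_pem must contain only certificates")
    if b"PRIVATE KEY-----" not in key_pem:
        raise ValueError("key_pem must contain a private key")
    name = secret_name_for(domain)
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/tls",
        "metadata": {"name": name, "namespace": namespace, "labels": {DOMAIN_LABEL: name}},
        "data": {
            "tls.crt": base64.b64encode(cert_pem).decode("ascii"),
            "tls.key": base64.b64encode(key_pem).decode("ascii"),
        },
    }


if __name__ == "__main__":
    # The output contains the private key: pipe it to `kubectl apply -f -`, do not log it.
    print(json.dumps(build_tls_secret("argo.example.org", "argocd", SAMPLE_CERT, SAMPLE_KEY), indent=2))
```

Because the same sanitized name is used for both the Secret name and the label value, either lookup strategy finds the secret, and wildcard certificates do not produce an invalid object name.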