[dynamic infra] Manage SSL certificates
Closed, MigratedEdits Locked
Actions

Assigned To

Authored By

	vsellier
	Oct 5 2022, 10:11 AM

Description

We need a way to manage the ssl certificates for the ingress that need it (argo, reaper, thanos services, ...)

@olasd suggested that we could reuse the current letsencrypt mecanism we have in place and add a new hook that commit the generated certificate in a kubernetes secret at the right place

We have a couple of hooks today:
https://forge.softwareheritage.org/source/puppet-swh-site/browse/production/site-modules/profile/templates/letsencrypt/

Pending questions:

How to configure the secret(s) where the certificate must be stored
- Possible solutions:
  - use the domain name to name the secret
  - grep for a label on the secret containing the domain name
  - configure the path on the puppet configuration (like the
How to bootstrap a certificate secret placeholder ?
- but how to give the configuration to the underlying script ?
...

Related Objects
Search...

		Status	Assigned	Task
		Migrated	gitlab-migration	T4523 Dynamic infrastructure
		Migrated	gitlab-migration	T4604 [dynamic infra] Manage SSL certificates

Event Timeline

vsellier triaged this task as Normal priority.Oct 5 2022, 10:11 AM

vsellier created this task.

vsellier mentioned this in D8617: thanos: Declare archive-production thanos for live data querying.Oct 5 2022, 10:52 AM

This task has been migrated to GitLab.

[dynamic infra] Manage SSL certificatesClosed, MigratedEdits LockedActions

Description

Related ObjectsSearch...

Event Timeline

[dynamic infra] Manage SSL certificates
Closed, MigratedEdits Locked
Actions

Related Objects
Search...