Deploy Cert Manager #44

Open
5 tasks
mischavandenburg opened this issue Jan 11, 2025 · 1 comment

Comments

@mischavandenburg
Owner

mischavandenburg commented Jan 11, 2025

Implement cert-manager for TLS Certificate Management

Description

We need to deploy and configure cert-manager to automate the management of TLS certificates in our k3s cluster. This will provide automated certificate issuance and renewal for our cluster services, including ArgoCD and our identity provider.

Requirements

  • Deploy cert-manager using GitOps principles
  • Configure integration with Let's Encrypt
  • Set up ClusterIssuer for staging
  • Ensure proper certificate management for cluster ingresses

Technical Considerations

  • Must be deployed via GitOps workflow
  • Should integrate with our existing ingress setup
  • Need to consider rate limits for Let's Encrypt
  • DNS validation preferred over HTTP validation for reliability

Tasks

  1. Initial Setup

    • Create necessary Kubernetes manifests or Helm deployment
    • Set up monitoring for cert-manager components
    • Configure proper resource requests/limits
  2. Let's Encrypt Integration

    • Create staging ClusterIssuer
    • Configure DNS or HTTP challenge solver
    • Document rate limits and restrictions
  3. Certificate Management

    • Create certificate templates
    • Set up automated renewal process
    • Configure default certificate settings
    • Implement certificate monitoring
  4. Integration Testing

    • Test certificate issuance
    • Verify auto-renewal functionality
    • Test DNS challenge mechanism
    • Validate certificate chain
  5. Documentation

    • Document deployment process
    • Create troubleshooting guide
    • Write certificate request procedure
    • Document renewal process

Acceptance Criteria

  • cert-manager is successfully deployed and operational
  • Automatic certificate issuance works for test domains
  • Certificate renewal process is verified
  • Integration with existing ingress is confirmed
  • Monitoring is in place for certificate expiration

Additional Notes

  • Plan for potential Let's Encrypt rate limiting
  • Document process for manual certificate requests
  • Consider backup solutions for critical certificates

Resources

@vikramreddym

I am interested in picking this up.
