ASK HN: Managing Kubernetes TLS Using Vault

1 points by maxbrydak 3 years ago · 0 comments · 1 min read


Hi guys, I've been doing Kelsey Hightower's Kubernetes The Hard Way (https://github.com/kelseyhightower/kubernetes-the-hard-way), but I've decided to go an even harder way.

So, I've decided to manage the infra in Terraform & build full CI/CD pipelines, and I'm stuck at generating and distributing TLS certificates (https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md).

Doing it with bash scripts & cfssl would require me to do some hacky stuff inside my pipelines, and I'd rather solve that too with Terraform.

I've been thinking about provisioning an off-k8s HA HashiCorp Vault cluster of VMs built with Packer and using the Vault Terraform provider to generate all the needed certs.

But in general I kinda suck at understanding TLS, or more – the related PKI infrastructure, the chain of trust and how it works; my brain seems kinda resilient to it.

So, I'm looking for advice on how to approach it.

No comments yet.
