Open tuongngova opened 1 year ago
@pjhill - can we get this item on the docket to discuss in an upcoming CoP meeting? I could see this additionally being a nice little reliability item so gonna cc: @BillChapmanUSDS & @ericboehs
Added to DevOps COP meeting agenda for the week -- https://vfs.atlassian.net/wiki/spaces/DO/pages/2708963329/07+20+2023
Status check: @pjhill Has there been any progress on this item? Is it still under consideration or still active in some capacity?
Hey there @pjhill -- any recent updates on this one? Thanks!
Hi @pjhill - checking in to see if this ticket is still active/has any updates. Or can it be closed? Thanks!
Hello @pjhill @JoeTice -- Is this issue in progress? Backlog? Closed? Thanks!
Hi @pjhill @JoeTice - Did anything ever happen with this issue? We're looking to move Reviewed issues into Backlog or In Progress if they're still active, or Closed if not. Thanks!
Hi @pjhill @JoeTice - any update on this issue? Thanks!
I will add this item to the next DevOps COP meeting on Thursday 7/18. It's possible that this feature was partially or completely implemented during a previous effort by Platform's Tech Team 2. The DevOps COP can discuss and investigate the status of this feature in the next meeting.
Describe the problem
Right now we're requesting and renewing certificates with Venafi in a manual fashion. If we were able to directly request and renew certificates in the AWS EKS cluster via cert-manager, the secrets containing the certificates could be updated automatically.
Who will benefit
All vets-api services which utilize certificates from Venafi. Sign-in-Service is among those that would benefit from the implementation.
Describe your idea
Request a service account from Venafi, along with the info cert-manager requires to configure Venafi as the backend cert authority. Have cert-manager configure Venafi as the backend cert authority. Configure the certificate to be requested and stored in a secret. Mount the secrets to the containers.
Provide evidence
https://cert-manager.io/docs/tutorials/venafi/venafi/#creating-a-venafi-issuer-resource
Platform Mission
Other:
No response
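The steps under "Describe your idea", sketched as cert-manager manifests. This is an added example, not part of the original issue or the project's own configuration. It assumes Venafi TPP with access-token credentials; every name, namespace, host, zone, hostname and duration below is a placeholder.

```yaml
# Added example. All names and values are placeholders, not project settings.
# Assumes Venafi TPP; the Venafi cloud service uses spec.venafi.cloud instead.
apiVersion: cert-manager.io/v1
kind: Issuer                       # namespaced, so only this namespace can use it
metadata:
  name: venafi-tpp-issuer          # hypothetical name
  namespace: vets-api              # hypothetical namespace
spec:
  venafi:
    zone: "<policy-folder-assigned-by-venafi-admins>"
    tpp:
      url: "https://<tpp-host>/vedsdk"
      credentialsRef:
        name: venafi-tpp-credentials   # Secret in the same namespace, key "access-token"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: sign-in-service-cert       # hypothetical name
  namespace: vets-api
spec:
  secretName: sign-in-service-tls  # cert-manager writes tls.crt / tls.key here
  duration: 2160h                  # placeholder; must fit the Venafi zone policy
  renewBefore: 360h                # placeholder renewal window
  privateKey:
    rotationPolicy: Always         # new key on every renewal
  dnsNames:
    - "<service-hostname>"
  issuerRef:
    name: venafi-tpp-issuer
    kind: Issuer
---
apiVersion: v1
kind: Pod
metadata:
  name: sign-in-service-example    # hypothetical workload
  namespace: vets-api
spec:
  containers:
    - name: app
      image: "<application-image>"
      volumeMounts:
        - name: tls
          mountPath: /etc/tls
          readOnly: true           # whole-volume mount; subPath mounts do not update
  volumes:
    - name: tls
      secret:
        secretName: sign-in-service-tls
```

The kubelet refreshes the mounted files after cert-manager renews the secret, but the application still has to reload them. The Venafi credential secret should be readable only by cert-manager.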