magda-io / magda

A federated, open-source data catalog for all your big data and small data
https://magda.io
Apache License 2.0

No key / secrets cert-manager setup for dev & prod cluster #3476

Closed t83714 closed 1 year ago

t83714 commented 1 year ago

No key / secrets cert-manager setup for dev & prod cluster

By leveraging Google workload identity federation & see here, we can update our current cert-manager setup to no key / secrets secret.

This will save us the effort of key rotation every 90 days.

staffordsmith83 commented 1 year ago

UPDATE 2 August 2023:

Trying to set up so key rotation is not required in the future. @t83714 to discuss with @pete

t83714 commented 1 year ago

Done with TerriaJs dev & test cluster & Magda dev cluster. Leave DGA cluster as it is (need client's help to update DNS record). All keys are rotated and catalog-manager-route53 was deleted as no longer required.