rancher / terraform-provider-rancher2

Terraform Rancher2 provider
https://www.terraform.io/docs/providers/rancher2/
Mozilla Public License 2.0

[Use-Case] Internal CA with Vault and Cert-manager #1409

Open matttrach opened 2 weeks ago

matttrach commented 2 weeks ago

When installing Rancher via Helm there are a number of requirements, including an ingress and the associated load balancer, DNS configuration, and certificate considerations. The user uses Terraform to install Rancher via Helm (onto an EKS cluster), but they are finding the process complex as they are also trying to integrate Vault and cert-manager to provide the ingress certificates from their internal CA.

Describe the solution you'd like

matttrach commented 2 weeks ago

The end result of this issue should be an E2E test validating the use case.

matttrach commented 2 weeks ago

Usually when I see the Vault internal CA use case it is to achieve an air-gapped deployment, but this use case specifically mentions EKS. What is the goal of using Vault over a free certificate creation platform like Let's Encrypt?

matttrach commented 2 weeks ago

I would like an example Vault config to fully understand this use case if possible.

matttrach commented 2 weeks ago

I made the assumption that Vault is standalone, but there is also the possibility of Vault installed on the same Kubernetes cluster as Rancher. Where is Vault installed?

matttrach commented 2 weeks ago

What version of Kubernetes is in use? What version of Rancher? If using one of our Kubernetes distributions (I recommend RKE2), what version of that is in use?

matttrach commented 2 weeks ago

What version of Terraform is in use?