by maxbrydak on 11/1/22, 2:27 PM with 0 comments
So, I've decided to manage the infra in terraform & build full CI/CD pipelines, and I'm stuck at generating and distributing TLS certificates. (https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md)
Doing it with bash scripts & cfssl would require me to do some hacky stuff inside my pipelines, and I'd rather solve that too with terraform.
I've been thinking about provisioning an off-k8s HA Hashicorp Vault cluster of VMs built with packer and use vault terraform provider to generate all the needed certs.
But in general I kinda suck at understanding TLS, or more specifically the related PKI infrastructure, the chain of trust and how it works; my brain seems kinda resilient to it.
So, looking for advice on how to approach it.
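As an added illustration (not part of the original post, and not the Kubernetes the Hard Way project's own code), the chain of trust the post is asking about can be expressed directly in Terraform with the hashicorp/tls provider, with no extra Vault cluster: one self-signed root CA, and leaf certificates whose CSRs are signed by that CA's private key. Anything that holds the CA certificate can then verify every leaf. The subject names, SANs and IP addresses below follow the KTHW layout but are assumptions; `var.kubernetes_public_address` is a placeholder the reader must supply.

```hcl
terraform {
  required_providers {
    tls = {
      source  = "hashicorp/tls"
      version = "~> 4.0"
    }
  }
}

# Placeholder: the public address clients will use to reach the API server.
variable "kubernetes_public_address" {
  type = string
}

# 1. Root of trust: a private key and a self-signed CA certificate.
#    Everything below is trusted only because it chains back to this cert.
resource "tls_private_key" "ca" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "tls_self_signed_cert" "ca" {
  private_key_pem = tls_private_key.ca.private_key_pem

  subject {
    common_name  = "Kubernetes"
    organization = "Kubernetes"
  }

  is_ca_certificate     = true
  validity_period_hours = 8760 * 5 # assumed: 5-year CA
  allowed_uses          = ["cert_signing", "crl_signing", "digital_signature", "key_encipherment"]
}

# 2. Server certificate for kube-apiserver: its own key, a CSR carrying the
#    names clients will connect with, and a signature from the CA key.
resource "tls_private_key" "kube_apiserver" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "tls_cert_request" "kube_apiserver" {
  private_key_pem = tls_private_key.kube_apiserver.private_key_pem

  subject {
    common_name  = "kubernetes"
    organization = "Kubernetes"
  }

  # SANs must match what clients dial, or TLS verification fails.
  dns_names    = ["kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster.local"]
  ip_addresses = ["10.32.0.1", "127.0.0.1", var.kubernetes_public_address]
}

resource "tls_locally_signed_cert" "kube_apiserver" {
  cert_request_pem      = tls_cert_request.kube_apiserver.cert_request_pem
  ca_private_key_pem    = tls_private_key.ca.private_key_pem
  ca_cert_pem           = tls_self_signed_cert.ca.cert_pem
  validity_period_hours = 8760
  allowed_uses          = ["digital_signature", "key_encipherment", "server_auth"]
}

# 3. Client certificate for the admin user. The organization field is what
#    Kubernetes maps to the group, so O=system:masters grants cluster-admin;
#    note that such a cert cannot be revoked by the API server, only by the CA.
resource "tls_private_key" "admin" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "tls_cert_request" "admin" {
  private_key_pem = tls_private_key.admin.private_key_pem

  subject {
    common_name  = "admin"
    organization = "system:masters"
  }
}

resource "tls_locally_signed_cert" "admin" {
  cert_request_pem      = tls_cert_request.admin.cert_request_pem
  ca_private_key_pem    = tls_private_key.ca.private_key_pem
  ca_cert_pem           = tls_self_signed_cert.ca.cert_pem
  validity_period_hours = 8760
  allowed_uses          = ["digital_signature", "key_encipherment", "client_auth"]
}

# Outputs consumed by the rest of the pipeline (e.g. written to nodes or a
# kubeconfig). Private keys are marked sensitive so they are not printed.
output "ca_cert_pem" {
  value = tls_self_signed_cert.ca.cert_pem
}

output "kube_apiserver_cert_pem" {
  value = tls_locally_signed_cert.kube_apiserver.cert_pem
}

output "admin_key_pem" {
  value     = tls_private_key.admin.private_key_pem
  sensitive = true
}
```

Two points to keep in mind with this approach. First, the tls provider keeps every private key, including the CA key, in Terraform state, so the state backend needs encryption at rest and tight access control, and rotating the CA means replacing the `tls_self_signed_cert.ca` resource, which re-signs every leaf. Second, the three steps above (self-signed root, CSR, CA-signed leaf) map one-to-one onto Vault's PKI secrets engine if you later do build the Vault cluster: the root lives in Vault and never enters state, and Terraform only requests leaves, which is the main reason to prefer Vault over this provider for a long-lived cluster.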