Rootconf 2019

On infrastructure security, DevOps and distributed systems.

Kingsly - The Cert Manager

Submitted by Tasdik Rahman (@tasdikrahmangojek) on Jun 8, 2019

Section: Crisp talk Technical level: Beginner Session type: Lecture Status: Submitted

Abstract

Problem Statement

Manage SSL/TLS certificate lifecycle for various backends which would include but not limited to
- IPSec VPNs
- HAProxy/envoy proxy

Existing Solutions

Generate certs using openssl(error prone) or use managed solution(expensive)

Solution

  • We built kingsly, which would act as broker between clients and letsencrypt, serving the clients with SSL certs.
  • It takes care of renewal of certs before their expiry dates.
  • extensible by writing custom clients to automate the whole manual process of updating certs with an example client.

Outline

Will go over the problem statement of how managing certs was a difficult problem for us and then how we went ahead solving it using kingsly.

Speaker bio

Product Engineer @ Gojek, Contributor to @oVirt, Backpacker, Weekend chef, theatre enthusiast.

Links

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('You need to be a participant to comment.') }}

{{ formTitle }}
{{ gettext('Post a comment...') }}
{{ gettext('New comment') }}

{{ errorMsg }}