Kingsly - The Cert Manager
TR
Tasdik Rahman
@tasdikrahmangojek
Section: Crisp talk
Technical level: Beginner
Session type: Lecture
Problem Statement
Manage SSL/TLS certificate lifecycle for various backends which would include but not limited to
- IPSec VPNs
- HAProxy/envoy proxy
Existing Solutions
Generate certs using openssl(error prone) or use managed solution(expensive)
Solution
- We built kingsly, which would act as broker between clients and letsencrypt, serving the clients with SSL certs.
- It takes care of renewal of certs before their expiry dates.
- extensible by writing custom clients to automate the whole manual process of updating certs with an example client.
Outline
Will go over the problem statement of how managing certs was a difficult problem for us and then how we went ahead solving it using kingsly.
Speaker bio
Product Engineer @ Gojek, Contributor to @oVirt, Backpacker, Weekend chef, theatre enthusiast.
Links
- https://blog.gojekengineering.com/introducing-kingsly-the-cert-manager-ced40746aa65
- https://github.com/gojekfarm/kingsly
- https://github.com/gojekfarm/kingsly-certbot
- https://github.com/gojekfarm/kingsly-certbot-cookbook
- https://github.com/gojekfarm/iap_auth
- https://github.com/gojekfarm/iap-auth-cookbook
{{ errorMsg }}