Skyscrapers Changelog

This changelog lists all updates, improvements and new features our Engineering team develops for our Reference Solutions. These are rolled out automatically to all SRE-as-a-Service customers.

Announcements Maintenance New Features Postmortems

Fixed issue with Vault certificate renewal

04 Dec 2020 • General

vault security certificate tls cert-manager

For increased security, our Vault setups are configured to terminate TLS sessions directly at the Vault server process. To do so, we use cert-manager to provision LetsEncrypt certificates that the Vault server Pods can use. There was an issue with this setup, where the Vault servers didn’t reload the certificate when this was renewed by cert-manager, rendering Vault insecure / unavailable.

We’ve now added a small side-car container on the Vault server Pods that automatically reloads the certificate in-place whenever this gets renewed. This operation won’t cause any disruption to the Vault service.

Skyscrapers Changelog

Related Posts

[Action required] Upgraded cluster add-ons 11 Apr 2024

Overhauled EKS access control 03 Apr 2024

Upgrading EKS clusters to v1.29 28 Mar 2024