Categories
containerization

haproxy certificate reloading

This post continues the discussion on dynamic SSL certificate reloading when a certificate is renewed. I already discussed keycloak, this post is about HAProxy.

I use HAProxy for an ingress controller in my Docker swarm, much how traefik is used as an ingress controller for Kubernetes. I have both a Docker swarm and a Kubernetes cluster, but I prefer to do development in Swarm, though there are some nice features of Kubernetes. My k8s environment is a cluster of k3os VM instances running Rancher and Longhorn. I also have cert manager configured, which seemed like a simple no-effort solution to managing SSL certificates.

Categories
containerization

keycloak certificate reloading

In my post on container lifetimes I discussed how I wanted to make keycloak perform dynamic SSL certificate reloading. The maximum lifetime of an SSL certificate is no longer dictated by the Certificate Authority, but rather a cabal of web browser developers who wield a big schwartz. I am using free certificates provided by Letsencrypt, you may think that is amateur or juvenile, but I think it’s extortion what CAs charge for a certificate.