Rotate Wild Card certificate

Feature Request

Ok not really a feature but.... The wildcard certificate (*.bigbang.dev) expired on July 15 2021. It is a 'lets encrypt' cert and is often used in dev environment to allow ingress traffic to the virtual services.

The cert is inside the encrypted ingress-cert.yaml here:

A cert located directly in the helm values here: - this one is valid so maybe just move the valid one into the expired section of encrypted ingress-cert.yaml will do the trick?

I downloaded the cert, decrypted it and used openssl to print the information. See details below:

➜  z openssl x509 -noout -in junk.cert -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f6:df:40:7e:55:83:2d:ca:4e:ed:cf:5f:18:8d:1d:e7:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr 16 01:05:13 2021 GMT
            Not After : Jul 15 01:05:13 2021 GMT
        Subject: CN=*.bigbang.dev

Proposed Solution

I asked around on the BigBang team MM channel, found out that @runyontr may be the person with access to the domain and can run the renewal process. Or just copy the data from master helm values into the encrypted file located in the hack/secrets folder.

https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/608

This is when I updated the cert.

Should we remove the hack/secrets folder in place of the tests folder? We could modify the test framework to just use chart/ingress-certs.yaml, but do you have a use case that wouldn't support that framework?

Yes, the only place its used is in docs. Its useful when following the quickstart repo and working on AWS to have proper certs. But changing the curl command to pull from tests folder is a great idea!

Edit - No need to have it in both places

closed

#808 (closed) will update quickstart repo to fetch cert from master, so closing.