- Don't write a CRL to the cache if the response code is above 399. (We
were getting HTML files as CRLs, d'oh).
- Fix a kwarg in the CRL logger (extras -> extra).
- Set Kubernetes clusters to log output as JSON.
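The first two items above, sketched as an added example (not code from this repository): the status guard and the corrected `extra` keyword, plus a body check that goes beyond the commit by also rejecting an HTML page served with a 200. The name `cache_crl`, the cache-file naming and the log field names are assumptions.

```python
import hashlib
import logging
import tempfile
from pathlib import Path
from typing import Optional

logger = logging.getLogger("crl_cache")
PEM_HEADER = b"-----BEGIN X509 CRL-----"


def looks_like_crl(body: bytes) -> bool:
    """Cheap structural check: PEM CRL header, or a DER SEQUENCE tag (0x30)."""
    return body.lstrip().startswith(PEM_HEADER) or body[:1] == b"\x30"


def cache_crl(url: str, status: int, body: bytes, cache_dir: Path) -> Optional[Path]:
    """Write a fetched CRL into cache_dir; return None if the response is rejected."""
    if status > 399:
        # logging takes `extra`, not `extras`; a wrong keyword raises TypeError
        logger.warning("CRL fetch failed", extra={"crl_url": url, "http_status": status})
        return None
    if not looks_like_crl(body):
        logger.warning("CRL body is not PEM or DER", extra={"crl_url": url, "http_status": status})
        return None
    target = cache_dir / (hashlib.sha256(url.encode()).hexdigest() + ".crl")
    tmp = target.with_suffix(".tmp")
    tmp.write_bytes(body)
    tmp.replace(target)  # rename into place so readers never see a partial file
    return target


if __name__ == "__main__":
    # Constructed responses; the DER bytes are a placeholder, not a real CRL.
    samples = [
        (404, b"<html><body>Not Found</body></html>"),
        (200, b"<html><body>Please log in</body></html>"),
        (200, b"\x30\x82\x01\x00" + b"\x00" * 256),
    ]
    with tempfile.TemporaryDirectory() as d:
        for status, body in samples:
            print(status, cache_crl("http://crl.example.test/ca.crl", status, body, Path(d)))
```

The structural check only filters obvious non-CRL bodies; the consumer of the cache still has to parse the CRL and verify its signature.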
Chose Elastic File Storage over EBS (Elastic Block Storage) because the
latter can only be mounted into a single node.
This adds the RBAC config and deployment for managing EFS mounts within
the cluster. Largely depends on this efs-provisioner config:
https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs
The config has been hard-copied into the repo and updated for future
reference. Note that the config requires an environment variable
substitution and cannot be applied directly to the cluster.
There may be a cleaner way to configure this with Kubernetes. For now,
we expose port 80 on the load balancers and let NGINX redirect that
traffic to the HTTPS version of the site.
This presumes the existence of TLS Kubernetes secrets available in both
clusters. It adds NGINX config for SSL termination and the necessary k8s
config to write the certificate and private key to the NGINX container.