- Don't write a CRL to the cache if the response code is above 399. (We
were getting HTML files as CRLs, d'oh).
- Fix a kwarg in the CRL logger (extras -> extra).
- Set Kubernetes clusters to log output as JSON.
- Fix some python formatting and import issues
- Fix dockerfile to include sync-crls script
- Adjust sync-crls script to use paths and CLI tools available in the
Docker container
This adds a previous version of the CRL sync functionality back to the
repo, with some small adjustments. We now grab the CRLs directly from
their DISA URLs.
The CRL sync is handled by a kubernetes cronjob that sync the files to a
persistent volume that is mounted into each Flask app container.
There may be a cleaner way to configure this with Kubernetes. For now,
we expose port 80 on the load balancers and let NGINX redirect that
traffic to the HTTPS version of the site.
This presumes the existence of TLS kubernetes secrets available in both
clusters. It adds NGINX config for SSL termination and the necessary k8s
config to write the certificate and private key to the NGINX container.
