Project Description
Kubernetes SSL Certificate Rotation Automation (AWS EKS)
Project Overview
I am seeking an experienced DevOps/Kubernetes engineer to design and implement an automated solution for SSL certificate rotation in Kubernetes clusters (AWS EKS).
The system should automatically detect certificate expiration and perform secure, seamless rotation with minimal downtime and low operational cost.
This is a critical infrastructure project, and I am looking for someone highly professional, detail-oriented, and experienced in production-grade systems.
Key Objectives
Automate Kubernetes SSL certificate rotation based on expiration
Eliminate manual intervention
Ensure zero or minimal downtime
Build a secure, scalable, and cost-efficient solution
Validate across Dev, Staging, and Production environments
Technology Stack
AWS (EKS, IAM, EC2, CloudWatch, etc.)
Kubernetes (EKS clusters & worker nodes)
Certificate management tools (e.g., cert-manager or custom automation)
Infrastructure as Code (Terraform/CloudFormation preferred)
CI/CD tools (optional but preferred)
Project Constraints / Engagement Model
I will NOT share system access or credentials
Work will be done via screen sharing sessions, where you guide me step-by-step
Strong communication and clarity are required
Project Timeline (1 Month Total)
Week 1: Analysis & Design
Understand current cluster setup
Identify certificate types (API server, ingress, internal services, etc.)
Finalize automation approach
Architecture design & approval
Week 2: Implementation (Core Automation)
Set up certificate management tool (e.g., cert-manager)
Implement expiry detection logic
Configure auto-renewal workflows
Integrate with AWS services if required
Week 3: Integration & Environment Rollout
Deploy in Dev environment
Validate rotation workflows
Extend to Staging environment
Monitor logs and fix issues
Week 4: Production Rollout & Hardening
Production deployment
Performance and reliability tuning
Monitoring & alerting setup
Documentation & knowledge transfer
Detailed Work Breakdown (Jira Task Structure)
Epic 1: Discovery & Design
Analyze current EKS cluster configuration
Identify certificate sources and usage points
Define rotation strategy (manual vs automated vs cert-manager)
Design architecture diagram
Select tools and frameworks
Epic 2: Environment Preparation
Set up IAM roles and permissions
Install required tools (kubectl, helm, etc.)
Prepare namespaces and configurations
Set up monitoring/logging prerequisites
Epic 3: Certificate Automation Implementation
Install and configure cert-manager (or equivalent)
Set up certificate issuers (ACM, Let’s Encrypt, internal CA, etc.)
Configure certificate lifecycle policies
Implement expiry detection logic
Automate certificate renewal process
Epic 4: Kubernetes Integration
Integrate certificates with ingress controllers
Update API server / internal services certificates if required
Ensure rolling updates without downtime
Validate TLS configurations
Epic 5: Testing & Validation
Test in Dev environment
Simulate certificate expiry scenarios
Validate auto-renewal and rollout
Perform failure and rollback testing
Epic 6: Staging & Production Deployment
Deploy to staging
Validate end-to-end workflow
Deploy to production
Monitor for stability
Epic 7: Monitoring & Alerts
Set up alerts for certificate expiry
Integrate with AWS CloudWatch / Prometheus / Grafana
Logging and audit trail setup
Epic 8: Optimization & Cost Control
Ensure minimal AWS resource usage
Optimize automation frequency and workloads
Validate cost efficiency
Epic 9: Documentation & Handover
Document architecture
Provide step-by-step runbook
Troubleshooting guide
Knowledge transfer sessions
Expected Deliverables
Fully working certificate rotation automation
Deployment across Dev, Staging, Production
Architecture documentation
Runbook and operational guide
Monitoring and alerting setup
Required Skills
Strong experience with AWS EKS & Kubernetes
Hands-on experience with SSL/TLS certificate management
Experience with automation tools (cert-manager, scripts, etc.)
Knowledge of infrastructure security best practices
Experience in production-grade deployments
Additional Notes
This is a high-priority and critical project
Looking for someone serious, committed, and professional
Clear communication and structured approach are essential
If you are interested, please share:
Relevant experience
Similar projects you have completed
Your proposed approach for this implementation