mirror of https://github.com/shankar0123/certctl.git
synced 2026-06-07 13:31:36 +00:00
release: deploy-hardening II complete (v2.X.0)

Phase 16 of the deploy-hardening II master bundle. All 16 phases
shipped on master ahead of v2.0.66 (16 commits since Bundle I
release; 5 commits for Bundle II itself):

Phase 0: setup + recon + 14 frozen decisions confirmed
Phase 1: 11 sidecars in docker-compose.test.yml
    (apache, haproxy, traefik, caddy, envoy, postfix, dovecot,
    openssh, f5-mock-icontrol, k8s-kind, windows-iis)
    + in-tree f5-mock-icontrol Go server
Phases 2-13: 122 named TestVendorEdge_<vendor>_<edge>_E2E tests
    across 13 connectors + shared helpers
Phase 14: docs/deployment-vendor-matrix.md (the procurement
    deliverable) + 5 per-connector deep-dive docs
    (nginx, k8s, iis, apache, f5)
Phase 15: per-vendor CI matrix job in .github/workflows/ci.yml
    (12 vendors on ubuntu-latest + IIS/WinCertStore on
    windows-latest, fail-fast: false)
Phase 16: release notes + reddit-beat + Active Focus + tag handoff

Closes the third procurement-checklist gap with Venafi/DigiCert/
Sectigo: vendor-specific deployment recipes tested against real
binaries.

Test depth at bundle close (per-connector totals):
    apache 34, caddy 30, envoy 31, f5 56, haproxy 36, iis 46,
    javakeystore 25, k8ssecret 24, nginx 59, postfix 30, ssh 61,
    traefik 30, wincertstore 25
Plus 122 TestVendorEdge_*_E2E across the bundle.

Backwards compat preserved — no API surface changes; the bundle
is purely test infrastructure + docs + CI matrix.

Cowork artifacts:
- cowork/deploy-hardening-ii/baseline.md (Phase 0 recon)
- cowork/deploy-hardening-ii/v2.X.0-release-notes.md
- cowork/deploy-hardening-ii/reddit-beat.md (don't auto-post)

Spec preserved at cowork/deploy-hardening-ii-prompt.md.

V3-Pro deferrals (documented in release notes):
- Real Envoy SDS gRPC server (file-mode is V2 contract)
- cert-manager Certificate CR as first-class deploy target
- Multi-region deployment coordination
- Cert-pinning verification against mobile-app pin manifests
- SOC 2 evidence-report generator
- Customer-paid validation matrices
- A managed-deploy-orchestration UI

Operator picks the exact v2.X.0 tag value.