# Pastebin md3BsAIa
15:07:35 <portdirect> so - it think the planets are alining for internal tls
15:07:43 <portdirect> we have had a few rough starts on this before
15:08:10 <portdirect> but evaluating jetstacks cert manager, it looks to be the missing link in what was attempted before
15:08:30 <portdirect> id therefore like to propose that we use that to get this effort moving again
15:08:49 <portdirect> which we could break down into a couple of steps:
15:09:18 <portdirect> 1) Jetstack Cert Manager
15:09:18 <portdirect> a) Chart
15:09:18 <portdirect> b) Deploy in gate with snakeoil ca
15:09:18 <portdirect> 2) Chart updates
15:09:18 <portdirect> a) Add in option to create TLS cr, with required hostnames - ideally via htk macro similar to the ingress rule generator
15:09:19 <portdirect> b) Get tls certs generated for all internal services
15:09:19 <portdirect> c) Mount secrets into api pods
15:09:20 <portdirect> d) Enable tls and also set the ingress rule to support secure backends