This repository has been archived by the owner on Nov 16, 2020. It is now read-only.
Letsencrypt support via cert-manager #427
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a work in progress to support real certificates via
letsencrypt. Here are the notes:
* Requires DNS challenge (via route53 for now) as kong is not an
ingress controller and isn't compatible with the HTTP challenge
scheme
- HTTP would be preferred as we don't need to depend on access
to a 3rd party DNS service (route53)
* I'm not sure we should package this up together. This support
may be better handled via manually installing additinal charts
(cert-manager, certificate) as the failure modes are hard to
debug and handle automatically
* User must manually set a secret with AWS IAM secret:
```kubectl create secret generic route53 --namespace kube-system --from-literal secret-access-key=$AWS_SECRET_ACCESS_KEY```
* Please comment!
Here's a working install.yaml:
```
ingress:
serviceType: LoadBalancer
apiGateway:
serviceType: LoadBalancer
host: apibjung03.dispatchframework.io
letsEncrypt:
email: [email protected]
staging: false
route53:
accessKeyID: ***********
dispatch:
host: bjung03.dispatchframework.io
port: 443
tls:
ca: letsEncrypt
faas: riff
eventTransport: kafka
bootstrapUser: [email protected]
oauth2Proxy:
provider: github
clientID: **********
clientSecret: ***********
```
* document gke installation guide * ensure backwards compatibility
berndtj
force-pushed
the
bjung-letsencrypt
branch
from
0dba0ee
to
1509ff0
Compare
berndtj
changed the title
kars7e
approved these changes
May 16, 2018
| [issues](https://github.com/kubernetes/helm/issues/3379). If it fails, retry: | ||
|
|
||
| ``` | ||
| helm init --tiller-image powerhome/tiller:git-3b22ecd --wait |
There was a problem hiding this comment.
This shouldn't be needed with helm 2.8.2, as both of those issues were addressed (and it shouldn't require retry either). I will update our CI to use 2.8.2.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a work in progress to support real certificates via
letsencrypt. Here are the notes:
Requires DNS challenge (via route53 for now) as kong is not an
ingress controller and isn't compatible with the HTTP challenge
scheme
to a 3rd party DNS service (route53)
I'm not sure we should package this up together. This support
may be better handled via manually installing additinal charts
(cert-manager, certificate) as the failure modes are hard to
debug and handle automatically
User must manually set a secret with AWS IAM secret:
kubectl create secret generic route53 --namespace kube-system --from-literal secret-access-key=$AWS_SECRET_ACCESS_KEYHere's a working install.yaml: