
Re: Let's Encrypt controller for OpenShift



I'm currently using a toy implementation I wrote at https://github.com/lukegb/openshiftle, but it doesn't attempt to do persistence of its ACME private key or anything, just updates the private key.

It's a little buggy (mostly when setting up the route for /.well-known to point to itself), so it's definitely not production ready, but it is usable.

Luke

On Thu, Nov 24, 2016 at 2:29 PM, Rajat Chopra <rchopra redhat com> wrote:

It would certainly be a useful feature. Especially for online.
The router part should be relatively straightforward, though we plan to move to ingress objects pretty soon. Even then I think we can make use of the code (somewhat on the lines of what Jimmi pointed to?).

I can help with the router implementations (haproxy and f5). Let me know about any design you have in mind and I can do my bit to vet.

Thanks for this useful idea.
Rajat


On Nov 24, 2016 5:40 AM, "Jimmi Dyson" <jdyson redhat com> wrote:
There's also an ingress based impl at https://github.com/jetstack/kube-lego.

On Thu, Nov 24, 2016 at 1:35 PM, Tomas Nozicka <tnozicka redhat com> wrote:
> I've been thinking for a long time about some kind of support for Let's
> Encrypt [1] in OpenShift. In the meantime Kelsey Hightower came up with
> his PoC for Kubernetes [2]. It's a great starting point although it
> will need modifications to work with OpenShift's router. Actually I
> think that in combination with the router it becomes more powerful,
> because your app does not even need to support https and reading
> certificates if your route is set to edge termination.
>
> The main goal here is to provide OpenShift users with valid
> certificates for free and enable HTTPS for everyone. It will also take
> care of certificate renewal.
>
> I believe this could be a great feature for OpenShift. I know I
> definitely want this for my server at home, but I think this could even
> work for Online, but let's not get ahead of ourselves. It would make an
> awesome demo if you could just create a route for your service in
> OpenShift and get HTTPS (with a valid certificate) out of the box; or
> after installing the controller.
>
> I would be interested in writing such a controller for OpenShift based on
> Kelsey's work, but I would appreciate some form of guidance from
> someone who knows the router or in general. I'd like to build this as
> an OSS with production quality; not just PoC.
>
> And I wanted to check if someone isn't already working on that?
>
>
> Thanks,
> Tomas
>
> [1] - https://letsencrypt.org/
> [2] - https://github.com/kelseyhightower/kube-cert-manager
>
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
