[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Service and route in front of api pods in OpenShift 3.10



Yes sure! If acme servers can't join your routers the HTTP challenge can't be validated.

Maybe it could be nice to add optional support to this in openshift-ansible:
- deploy openshift-acme
- create a route in front of the kubernetes service with the proper annotation

Le jeu. 6 sept. 2018 à 08:27, Daniel Comnea <comnea dani gmail com> a écrit :
Very nice Mickael !

Just a minor note (although i'm sure you know already) if others bump into this thread, this method works for public domains but it won't work if your domain is internal/ dev one (i.e - .local).

Dani

On Wed, Sep 5, 2018 at 4:11 PM Mickaël Canévet <mickael canevet gmail com> wrote:
Thanks a lot Tobias,

That helped a lot, it's working fine.
Now I have a Let's Encrypt certificate for my web console without using an external reverse proxy \o/

Kind regards,
Mickaël

Le mer. 5 sept. 2018 à 13:17, Tobias Florek <openshift ibotty net> a écrit :
Hi!

It is certainly possible.

You already have a "kubernetes" service in the default namespace. You
only need to expose that service's https port with Reencrypt TLS-Policy
and set the kubernetes.io/tls-acme=true annotation.

Your unsuccessful try was missing the reencrypt tls policy.

Cheers,
 Tobias Florek
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


--
  « Any society that would give up a little liberty to gain a little security will deserve neither and lose both. »
  (Benjamin Franklin)
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


--
  « Any society that would give up a little liberty to gain a little security will deserve neither and lose both. »
  (Benjamin Franklin)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]