Closed kiootic closed 4 years ago
@louischan-oursky @chpapa After further consideration, now I think it's better to check for TXT record only, and give a warning if other records (CNAME/A/etc.) are not set up properly, instead of giving an error and having a flag to bypass:
What do you think about this?
> it's better to check for TXT record only

Originally we checked the A record since we request the Let's Encrypt cert for the custom domains. If users don't add the A record, cert manager will keep trying and fail. Is it irrelevant now, as we will have the cert at the CDN level and the CDN provider will handle it?
For GCP Cloud CDN, we will provision a CDN-enabled load balancer for every 15 domains, since each load balancer can serve at most 15 TLS certificates.
Thanks @kiootic
@carmenlau
> Originally we checked the A record since we request the Let's Encrypt cert for the custom domains. If users don't add the A record, cert manager will keep trying and fail. Is it irrelevant now, as we will have the cert at the CDN level and the CDN provider will handle it?

It is the developer's responsibility to ensure our load balancer can be reached at the custom domain. Otherwise, Let's Encrypt would not issue the HTTPS certificate.
Is CDN enabled by default when a custom domain is added?
Since there are severe limitations on Cloud CDN on their quota, I've discussed with @louischan-oursky and @chpapa and we think dropping the CDN feature is the simplest for now.
ref #375