estuary / data-plane-gateway


First pass at automatic TLS cert provisioning #17

Closed psFried closed 1 year ago

psFried commented 2 years ago

Adds support for provisioning TLS certificates automatically using the autocert package. This uses etcd as a cache for the certificate and intermediate data used during provisioning. It also uses etcd for a distributed mutex, to prevent multiple data-plane-gateway processes from starting the certificate provisioning process simultaneously.

A plain (non-TLS) listener was also added in order to respond to the ACME http-01 challenges.
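What that plain listener has to do, as an added stdlib-only illustration that is not the PR's code: answer `/.well-known/acme-challenge/<token>` for tokens it knows and redirect every other request to HTTPS, so the plaintext port never carries application traffic. The in-memory `ChallengeStore` is an assumed stand-in for the challenge state autocert keeps in its (here etcd-backed) cache.

```go
package main

import (
	"net"
	"net/http"
	"strings"
	"sync"
)

// challengePath is the URL prefix an ACME server fetches for http-01 validation.
const challengePath = "/.well-known/acme-challenge/"

// ChallengeStore maps outstanding http-01 tokens to their key authorizations.
// Constructed stand-in: the real state lives in autocert's cache, not here.
type ChallengeStore struct {
	mu    sync.RWMutex
	items map[string]string // token -> key authorization
}

func NewChallengeStore() *ChallengeStore {
	return &ChallengeStore{items: map[string]string{}}
}

func (s *ChallengeStore) Put(token, keyAuth string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.items[token] = keyAuth
}

// PlainHTTPHandler is the only handler the non-TLS listener should mount:
// known challenge tokens are served, unknown ones get 404, and everything
// else is redirected to the same host over HTTPS.
func (s *ChallengeStore) PlainHTTPHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.HasPrefix(r.URL.Path, challengePath) {
			token := strings.TrimPrefix(r.URL.Path, challengePath)
			s.mu.RLock()
			keyAuth, ok := s.items[token]
			s.mu.RUnlock()
			if !ok || r.Method != http.MethodGet {
				http.NotFound(w, r) // never reveal anything for unknown tokens
				return
			}
			w.Header().Set("Content-Type", "text/plain")
			w.Write([]byte(keyAuth))
			return
		}
		// Drop any explicit port so the redirect lands on the default TLS port.
		host, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			host = r.Host
		}
		http.Redirect(w, r, "https://"+host+r.URL.RequestURI(), http.StatusMovedPermanently)
	})
}
```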


psFried commented 2 years ago

It's difficult to test this PR locally, so I'm holding off on requesting a review and merging until after we've got this working in combustible-cronut alongside the existing deployment.

jgraettinger commented 1 year ago

LGTM looks awesome!

psFried commented 1 year ago

totally optional thought: just take one via argument and use the client's API for syncing the set of peer addresses.

I looked into this a bit more, and I think doing this makes sense. The client won't actually sync these automatically, so if you only provide a single URL, then you're hosed if that one member happens to be unavailable, but my hope (to be validated soon) is that we can use the k8s service address, and then the call to Sync will essentially replace that with the addresses of the individual members.