Closed psFried closed 1 year ago
It's difficult to test this PR locally, so I'm holding off on requesting a review and merging until after we've got this working in combustible-cronut alongside the existing deployment.
LGTM looks awesome!
totally optional thought: just take one via argument and use the client's API for syncing the set of peer addresses.
I looked into this a bit more, and I think doing this makes sense. The client won't actually sync these automatically, so if you only provide a single URL, then you're hosed if that one member happens to be unavailable, but my hope (to be validated soon) is that we can use the k8s service address, and then the call to `Sync` will essentially replace that with the addresses of the individual members.
Adds support for provisioning TLS certificates automatically using the `autocert` package. This uses etcd as a cache for the certificate and intermediate data used during provisioning. It also uses etcd for a distributed mutex, to prevent multiple data-plane-gateway processes from starting the certificate provisioning process simultaneously. A plain (non-TLS) listener was also added in order to respond to the ACME http-01 challenges.
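The cache-plus-mutex arrangement from the description, as an added example that is not code from this PR: a `sync.Map` stands in for etcd, and `Get`, `Provision`, `ErrLocked` and the `cert/` and `lock/` key prefixes are hypothetical names chosen for illustration. It shows why a cache miss alone must not trigger issuance when several gateway processes share one store.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ErrCacheMiss plays the role of autocert.ErrCacheMiss; ErrLocked is hypothetical.
var (
	ErrCacheMiss = errors.New("cache miss")
	ErrLocked    = errors.New("provisioning in progress elsewhere")
)

// Get reads a cached certificate. kv is a sync.Map standing in for etcd.
func Get(kv *sync.Map, host string) ([]byte, error) {
	if v, ok := kv.Load("cert/" + host); ok {
		return v.([]byte), nil
	}
	return nil, ErrCacheMiss
}

// Provision returns the cached certificate, or runs issue in the one process that
// wins the lock key. A real etcd lock is lease-bound, so a crashed holder expires.
func Provision(kv *sync.Map, host, owner string, issue func() ([]byte, error)) ([]byte, error) {
	if cert, err := Get(kv, host); err == nil {
		return cert, nil
	}
	if _, held := kv.LoadOrStore("lock/"+host, owner); held {
		return nil, ErrLocked // caller backs off, then re-reads the cache
	}
	defer kv.Delete("lock/" + host)
	if cert, err := Get(kv, host); err == nil {
		return cert, nil // a peer finished between our miss and our lock
	}
	cert, err := issue()
	if err != nil {
		return nil, err
	}
	kv.Store("cert/"+host, cert)
	return cert, nil
}

func main() {
	kv := &sync.Map{}
	issue := func() ([]byte, error) { return []byte("constructed-cert"), nil }
	cert, err := Provision(kv, "example.test", "gateway-a", issue)
	fmt.Printf("%q %v\n", cert, err)
}
```

The second cache read after taking the lock is what keeps a process that lost the race from placing a duplicate ACME order once the lock is released.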