ibotty / openshift-letsencrypt

MIT License

Add existing certificate to route after redeployment of a service #27

Open macmacs opened 7 years ago

macmacs commented 7 years ago

This way, an existing certificate is also added to a route if the corresponding service is redeployed.

ibotty commented 7 years ago

Do you mean: route redeployment?

I prefer recording above whether the route has a certificate and checking below.

What do you think?

macmacs commented 7 years ago

Yes, route deployment (e.g. when setting up a new application).

I noticed that if a cert for a certain app/route already exists in openshift-letsencrypt storage, the route will NOT be changed to https when I redeploy this app/route.

This pull request would take care of this case.

ibotty commented 7 years ago

I understand the problem. I am kind of uncomfortable patching the route any time, unconditionally, because of the unnecessary load on the API server.

What logic do you think is required? Is it sufficient to patch the route iff the route has no valid* certificate? Are there edge cases that logic does not handle?

*valid = exists, lifetime long enough

macmacs commented 7 years ago

Hmm, I don't see a problem with the API server, because existing, valid certificates will be used. And if there's no valid certificate existing, the route has not been deployed for x weeks.

ibotty commented 7 years ago

It does not matter whether the certificate is different; it will nonetheless create a new route revision.
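
The rule discussed in this thread (patch the route only if it has no valid certificate, where valid = exists and lifetime long enough), sketched as an added example; it is not code from this pull request or from openshift-letsencrypt. The function names, the seven-day threshold and the sample host name are assumptions, and the check covers parseability and remaining lifetime only.

```shell
#!/bin/sh
# Added example: decide whether a route needs patching, using the rule
# "valid = exists, lifetime long enough". All names here are hypothetical.

# Assumed threshold: less remaining lifetime than this counts as too short.
MIN_LIFETIME_SECONDS=$((7 * 24 * 3600))

# route_cert_valid PEM [MIN_SECONDS]
# Returns 0 only if PEM is non-empty, parses as an X.509 certificate and
# does not expire within MIN_SECONDS.
route_cert_valid() {
    pem=$1
    min=${2:-$MIN_LIFETIME_SECONDS}
    [ -n "$pem" ] || return 1                      # route has no certificate
    # -checkend exits non-zero if the cert expires within $min seconds;
    # a parse failure also exits non-zero, so garbage counts as invalid.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "$min" >/dev/null 2>&1
}

# route_needs_patch PEM [MIN_SECONDS]
# Returns 0 (patch) when the route's current certificate is not valid.
# Assumption: the caller reads PEM from the route's .spec.tls.certificate.
route_needs_patch() {
    if route_cert_valid "$@"; then
        return 1                                   # valid: skip the API write
    fi
    return 0
}

# Constructed sample input: a self-signed certificate valid for DAYS days,
# written to stdout. Only used to exercise the functions above offline.
make_sample_cert() {
    days=$1
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=app.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
    rc=$?
    [ "$rc" -eq 0 ] && cat "$dir/cert.pem"
    rm -rf "$dir"
    return "$rc"
}
```

Skipping the patch when `route_needs_patch` returns non-zero avoids the extra route revision mentioned above for routes that already carry a certificate with enough lifetime left.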