Open macmacs opened 7 years ago
Do you mean: route redeployment?
I prefer recording above whether the route has a certificate and checking below.
What do you think?
Yes, route deployment (e.g. when setting up a new application).
I noticed, that if a cert for a certain app/route already exists in openshift-letsencrypt storage, the route will NOT be changed to https when I redeploy this app/route.
This pullrequest would take care of this case.
I understand the problem. I am kind of uncomfortable to patch the route any time, unconditionally because of the unnecessary load on the api server.
What logic do you think is required. Is it sufficient to patch the route iff the route has no valid* certificate? Are there edge cases that logic does not handle?
valid = exists, lifetime long enough
Hmm, I don't see a problem with the api server, because existing, valid certificates will be used. And if there's no valid certificate existing, the route has not beed deployed for x weeks.
It does not matter whether the certificate is different, it will nonetheless create a new route revision.
This way, an existing certificate is also added to a route if the corresponding service is redeployed.