knative-extensions / net-certmanager

Integration between knative and certmanager for managing TLS certs automatically.
Apache License 2.0

http01 challenge must support K-Network-Probe #44

Open mattmoor opened 4 years ago

mattmoor commented 4 years ago

In order to assess readiness, we expect services included in kingress to support the K-Network-Probe handshake.

See related issue for net-http01: https://github.com/knative-sandbox/net-http01/issues/48

mattmoor commented 4 years ago

cc @ZhiminXiang

ZhiminXiang commented 4 years ago

/assign

ZhiminXiang commented 4 years ago

The difference between net-certmanager and net-http01 is that the service for serving the HTTP01 challenge is not controlled by Knative. It is set up by cert-manager.

I am gonna look into cert-manager and see how we can add the logic into cert-manager.

mattmoor commented 4 years ago

Alternately we could create a way in our dataplane contract to express that certain services do not need (or don't support) probing.

ZhiminXiang commented 4 years ago

> Alternately we could create a way in our dataplane contract to express that certain services do not need (or don't support) probing.

SGTM. This could be a workaround.

ZhiminXiang commented 4 years ago

Just for the record, the Ingress prober implementation of Istio is based on the hosts of the Ingress. See the code here. So it just probes the host without a path. Therefore, cert-manager currently can work with net-istio.

I think we should still pursue wrapping the http01 challenge service on the cert-manager side. Once that lands, we can extend the prober to support probing the path, which is more accurate.

mattmoor commented 4 years ago

It's either our dataplane contract or it's not.

cc @tcnghia since he was considering doing the same thing I did in net-contour in net-istio.

github-actions[bot] commented 4 years ago

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

mattmoor commented 4 years ago

/lifecycle frozen

@ZhiminXiang any update?

dprotaso commented 1 year ago

/unassign @ZhiminXiang