openshift / origin

Conformance test suite for OpenShift
http://www.openshift.org
Apache License 2.0
8.48k stars 4.7k forks

Router: Support OCSP stapling #11551

Open ibotty opened 7 years ago

ibotty commented 7 years ago

It would be great to support OCSP stapling in the HAProxy router.

AFAICT it needs two things

The first part can be easily delegated to an external service that e.g. annotates the route. The second one is not possible now afaict. Getting the response should be easy enough though, there are Go libraries available.

elyscape commented 7 years ago

The second part should also be doable by annotating the route with the OCSP response and having openshift-router export the annotation alongside the certificate.

ibotty commented 7 years ago

That's what I meant. Afaict it's not possible via template alone.

elyscape commented 7 years ago

The other issue is that this process wouldn't deal with the default certificate. While updating the router-certs secret with a value for tls.crt.ocsp will cause it to appear (or change) in running routers, HAProxy won't notice the change unless it is reloaded. One workaround for this would be to have a dummy route of some sort and update an annotation on it. This would cause openshift-router to trigger a reload. An alternative solution would be to just make openshift-router also observe the router-certs secret and trigger a reload any time it changes.

openshift-bot commented 6 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

elyscape commented 6 years ago

/remove-lifecycle stale

elyscape commented 6 years ago

/remove-lifecycle stale

openshift-bot commented 6 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

ibotty commented 6 years ago

I still think it's an important feature and it's not resolved.

ibotty commented 6 years ago

/remove-lifecycle stale

ibotty commented 6 years ago

Can someone please remove the lifecycle annotation? It is still a valid bug.

elyscape commented 6 years ago

/remove-lifecycle rotten

elyscape commented 5 years ago

/remove-lifecycle stale

ibotty commented 5 years ago

That's still relevant.

elyscape commented 5 years ago

/remove-lifecycle stale

elyscape commented 5 years ago

/lifecycle frozen