Open ctron opened 7 years ago
@tnozicka FYI (I think you were building something related)
@ctron Take a look at https://github.com/tnozicka/openshift-acme
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
@enj Any updates on this matter? :innocent:
/assign @tnozicka The plan is to adopt https://github.com/tnozicka/openshift-acme/pull/48 when that merges.
Now has its trello card https://trello.com/c/nmh6J8ly/1140-adopt-openshift-acme
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
@ctron & @tnozicka,
I've tested this and it worked great! Really cool stuff, thanks... and funny to meet my old friend @ctron in this issue. Made Let's Encrypt cert management so smooth and easy. Any plans how the trello card will continue?
BR Mehmet
@marziman thx.
> Any plans how the trello card will continue?
I'd like us to be able to provide certificates for masters and for the router. Also for the purposes of multitenancy we need to have internal rate limits.
About openshift-acme: it is working great for routes, but I'm not sure how to configure it for the console as well. Any ideas?
https://github.com/tnozicka/openshift-acme works great! It would just be cool to have this work with the click of a "Get Certificate!" button built into OpenShift, just to save a long night of reading up and searching to understand what to look for and ultimately find this... :smiley:
/unassign
@stlaz @sttts @mfojtik
Let's Encrypt [1] provides a great way to get SSL certificates which are accepted by browsers.
When it comes to OpenShift, there are two downsides to using Let's Encrypt. Certificates are only valid for 90 days and they don't offer wildcard certificates. So you either need one for each domain or you can use server aliases to include more.
However, there is an API for automating this process [2], which could be included in OpenShift in order to automate this process out of the box.
Of course you can find some way to fiddle around with some shell scripts and the router templates to DIY, but it would be cool to have this support out of the box for front-facing HTTPS access.
[1] https://letsencrypt.org/
[2] https://ietf-wg-acme.github.io/acme/
Version
oc v1.4.1+3f9807a
kubernetes v1.4.0+776c994
features: Basic-Auth GSSAPI Kerberos SPNEGO
Steps To Reproduce
Current Result
Not supported
Expected Result
Out of the box support for Let's Encrypt.