Closed LukeRepko closed 1 month ago
Testing this in the lab first, will probably have some docs to add with this PR too. Normally, we've been adding this param to the cert manager deployment directly instead of relying on adding it during cert manager install. Time to fix that!
This is still a WIP. It addresses some undocumented steps required to get Let's Encrypt working with the Gateway API. Using the documentation as it is outlined in this PR, certificates are issued successfully via Let's Encrypt once the user copies, modifies, and applies the patch file as specified.
I want to ensure I can get my stack working fully before marking this ready for review, that won't be until Thursday this week at the earliest.
Found HTTP traffic getting passed through to back-end service instead of being redirected to HTTPs. Revisiting route configuration. Will need to adjust a few things there to get all working as expected.
Ah, I see the problem, HTTPRoute rules are applied and processed in order. The filters
list containing the requestRedirect
needs to come before the backendRefs
. Changed the order and it works as expected now.
We are using the Gateway API now. Without this flag, certificates will not be issued as expected. After the Gateway API CRDs are installed, it's important to restart cert-manager as some of the components only do a check for the GW API during startup.
ref: https://cert-manager.io/docs/usage/gateway/