Closed LukeRepko closed 1 month ago
LukeRepko
commented
1 month ago Testing this in the lab first, will probably have some docs to add with this PR too. Normally, we've been adding this param to the cert manager deployment directly instead of relying on adding it during cert manager install. Time to fix that!
LukeRepko
commented
1 month ago This is still a WIP. It addresses some undocumented steps required to get Let's Encrypt working with the Gateway API. Using the documentation as it is outlined in this PR, certificates are issued successfully via Let's Encrypt once the user copies, modifies, and applies the patch file as specified.
I want to ensure I can get my stack working fully before marking this ready for review, that won't be until Thursday this week at the earliest.
LukeRepko
commented
1 month ago Found HTTP traffic getting passed through to back-end service instead of being redirected to HTTPs. Revisiting route configuration. Will need to adjust a few things there to get all working as expected.
LukeRepko
commented
1 month ago Ah, I see the problem, HTTPRoute rules are applied and processed in order. The filters list containing the requestRedirect needs to come before the backendRefs. Changed the order and it works as expected now.
We are using the Gateway API now. Without this flag, certificates will not be issued as expected. After the Gateway API CRDs are installed, it's important to restart cert-manager as some of the components only do a check for the GW API during startup.
ref: https://cert-manager.io/docs/usage/gateway/