rancher / rio

Application Deployment Engine for Kubernetes
https://rio.io
Apache License 2.0

webhook doesn't work when rdns is disabled #1018

Open prabirshrestha opened 4 years ago

prabirshrestha commented 4 years ago

If rdns is disabled, webhook doesn't seem to work because the webhook url is https://someurl.on-rio.io/hooks?....

rio install --disable-features rdns

StrongMonkey commented 4 years ago

Did you set up a custom domain? If you set it up, it should work, as the webhook service needs to expose itself.

prabirshrestha commented 4 years ago

How can one configure clusterdomain with Let's Encrypt? I only see one without it and manual keys.

StrongMonkey commented 4 years ago

If you want to use a custom domain with Let's Encrypt, you might have to check the cert-manager docs. You basically need to provide the credentials of your DNS provider: https://cert-manager.io/docs/configuration/acme/dns01/. This is because wildcard certs need to do dns-01 validation.
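
The cert-manager setup referred to in the comment above, sketched as an added example that is not part of the original thread or of rio's own documentation. It assumes cert-manager's `cert-manager.io/v1` API and Cloudflare as the DNS provider; the resource names, e-mail address and token secret are hypothetical, and `customdomain.com` is the domain used in this thread.

```yaml
# Added example: all names below are assumptions, not rio or thread values.
# The API token referenced here is what lets cert-manager write the
# _acme-challenge TXT record; scope it to DNS edits on this one zone only.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01              # hypothetical issuer name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@customdomain.com      # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-account-key    # ACME account key, created by cert-manager
    solvers:
      - dns01:
          cloudflare:                  # assumed provider
            apiTokenSecretRef:
              name: cloudflare-api-token   # hypothetical Secret holding the token
              key: api-token
        selector:
          dnsZones:
            - customdomain.com         # this solver is used for this zone only
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: customdomain-wildcard          # hypothetical name
spec:
  secretName: customdomain-wildcard-tls    # TLS Secret cert-manager creates and renews
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
  dnsNames:
    - customdomain.com
    - "*.customdomain.com"             # wildcard name: requires dns-01, not http-01
```

The resulting TLS secret is the one that would then be added to rio following its docs; the namespace it must live in is not stated in this thread.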

StrongMonkey commented 4 years ago

Rio only provisions certs with Let's Encrypt for rdns. I assume you can use other ACME tools to provision and renew your certs, keep them in a Kubernetes secret, and follow the docs to add the secret into rio.

prabirshrestha commented 4 years ago

I would like to use letsencrypt but instead of using on-rio.io I would like to use customdomain.com so it will look like blog.customdomain.com.

This one does seem to support it https://github.com/rancher/rio/pull/1020 but I would need to deploy my own rdns server. Would be good if rdns server would be auto deployed with rio install.

https://github.com/rancher/rio/issues/851 also seems to have similar requests for custom domain with custom key and certs. I would like to have support for custom domains but with letsencrypt.

I want to accomplish something like this.

rio install --cluster-domain customdomain.com

StrongMonkey commented 4 years ago

Deploying clusterdomain with Let's Encrypt requires more effort since we need a DNS provider and credentials to provision the TXT record. It will be better to manage your certs externally (through cert-manager) and add the cert secret to rio. https://github.com/rancher/rio/issues/851#issuecomment-577003817 sounds like an option.

StrongMonkey commented 4 years ago

But with https://github.com/rancher/rio/pull/1020 added, and if you are able to provision your own rdns server, you should be able to use your custom domain natively in rio. I will see if I can add that in the next release and post a blog about the instructions.

prabirshrestha commented 4 years ago

Hmm. I use DNSSimple and register a wildcard domain pointing to ip and then have caprover generate certs for any subdomain and it seems to work.

It is a good start, but I would really love it if rdns would also get auto deployed with rio.