As per the rate limits, we have the ability to request:
5 duplicate certs per week
This means that we cannot rebuild the SaltMaster more than 5 times a week. This might be OK when the infrastructure changes slow down, but at the moment we're going to hit this limit a lot.
We need to modify the Salt States to attempt to pull the certs from a cache, only requesting them from LetsEncrypt if that cache isn't available.
At the moment, we request a new certificate from LetsEncrypt every time we modify the user-data for the Salt Master node.
https://letsencrypt.org/docs/rate-limits/
We'll need S3/GCS/Minio available for this.
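The cache-first flow this issue asks for, as an added shell example that is not part of the original issue or the project's Salt States. A local directory stands in for the synced S3/GCS/Minio bucket; `ISSUE_CMD`, the file names and the 30-day window are assumptions.

```shell
# Added example, not from the original issue. The cache directory is a local
# stand-in for a synced S3/GCS/Minio bucket; ISSUE_CMD is a hypothetical hook.
MIN_VALID_SECONDS=$((30 * 24 * 3600))  # assumed renewal window: 30 days

# Succeeds only if the cached pair exists, parses, is not close to expiry,
# and the certificate's public key belongs to the cached private key.
cached_cert_usable() {
    cert="$1/fullchain.pem"; key="$1/privkey.pem"
    [ -s "$cert" ] && [ -s "$key" ] || return 1
    openssl x509 -in "$cert" -noout -checkend "$MIN_VALID_SECONDS" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints "cache" when the cached pair can be reused, "issue" otherwise.
cert_source() {
    if cached_cert_usable "$1"; then echo cache; else echo issue; fi
}

# Copies a cert/key pair from directory $1 to $2 without exposing the key.
copy_pair() {
    ( umask 077
      mkdir -p "$2" &&
      cp "$1/fullchain.pem" "$2/fullchain.pem" &&
      cp "$1/privkey.pem" "$2/privkey.pem" &&
      chmod 600 "$2/privkey.pem" )
}

# provision_cert CACHE_DIR LIVE_DIR
# Restores from the cache when possible; otherwise issues and refills the cache.
provision_cert() {
    if [ "$(cert_source "$1")" = cache ]; then
        copy_pair "$1" "$2"
    else
        # ISSUE_CMD must write fullchain.pem and privkey.pem into LIVE_DIR ($2).
        mkdir -p "$2" && "$ISSUE_CMD" "$2" && copy_pair "$2" "$1"
    fi
}
```

Because the cache holds the private key, the bucket behind it needs encryption at rest and read access limited to the Salt Master's own role.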