Closed rmahroua closed 3 years ago
I think everything except the apiserver is exposed via a Route so it shouldn't be hard. The apiserver cert is impossible to get with http-01 validation as its IP and traffic are distinct from the router. You could wrap it in a Route and Service through and just redirect the traffic to kube-apiserver.
I'll try to write an e2e with it and some docs when I get the time.
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle rotten /remove-lifecycle stale
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen
.
Mark the issue as fresh by commenting /remove-lifecycle rotten
.
Exclude this issue from closing again by commenting /lifecycle frozen
.
/close
@openshift-bot: Closing this issue.
What would you like to be added: Documentation on whether openshift-acme can be used for updating the internal certificates that the API/Oauth server, routes, etc. present.
Why is this needed: Get clarification on whether this project can be used for internal certificates or only routes for applications. To clarify, what I mean by internal certificates are certs that "public" services use (Grafana, Prometheus, OAuth), and not the "internal" ones, such as the ones that the kubelets use to authenticate to the API or the ones that the Etcd cluster uses.
@tnozicka