search

tnozicka / openshift-acme

ACME Controller for OpenShift and Kubernetes Cluster. (Supports e.g. Let's Encrypt)
Apache License 2.0
319 stars 116 forks source link

[DOC] Does openshift-acme can be used for replacing internal certificates #112

Closed rmahroua closed 3 years ago

rmahroua commented 4 years ago

What would you like to be added: Documentation on whether openshift-acme can be used for updating the internal certificates that the API/Oauth server, routes, etc. present.

Why is this needed: Get clarification on whether this project can be used for internal certificates or only routes for applications. To clarify, what I mean by internal certificates are certs that "public" services use (Grafana, Prometheus, OAuth), and not the "internal" ones, such as the ones that the kubelets use to authenticate to the API or the ones that the Etcd cluster uses.

@tnozicka

tnozicka commented 4 years ago

I think everything except the apiserver is exposed via a Route so it shouldn't be hard. The apiserver cert is impossible to get with http-01 validation as its IP and traffic are distinct from the router. You could wrap it in a Route and Service through and just redirect the traffic to kube-apiserver.

I'll try to write an e2e with it and some docs when I get the time.

openshift-bot commented 4 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 3 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 3 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 3 years ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci-robot commented 3 years ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/tnozicka/openshift-acme/issues/112#issuecomment-751171102): >Rotten issues close after 30d of inactivity. > >Reopen the issue by commenting `/reopen`. >Mark the issue as fresh by commenting `/remove-lifecycle rotten`. >Exclude this issue from closing again by commenting `/lifecycle frozen`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.