Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate the use of Let's encrypt #13411

Open
ctron opened this issue Mar 16, 2017 · 11 comments
Open

Integrate the use of Let's encrypt #13411

ctron opened this issue Mar 16, 2017 · 11 comments
Labels
component/auth help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2

Comments

@ctron
Copy link

ctron commented Mar 16, 2017

Let's encrypt [1] provides a great way to get SSL certificates which are accepted by browsers.

When it comes to OpenShift there are two downsides using Let's encrypt. Certificates are only valid for 90 days and they don't offer wildcard certificates. So you either need one for each domain or your can use server aliases to include more.

However there is an API for automating this process [2], which could be included into OpenShift in order to automate this process out of the box.

Of course you can find some way to fiddle around with some shell scripts and the router templates to DIY, but it would be cool to have this support out of the box for front-facing HTTPS access.

[1] https://letsencrypt.org/
[2] https://ietf-wg-acme.github.io/acme/

Version

oc v1.4.1+3f9807a
kubernetes v1.4.0+776c994
features: Basic-Auth GSSAPI Kerberos SPNEGO

Steps To Reproduce
  1. Use OpenShift
  2. Create router
Current Result

Not supported

Expected Result

Out of the box support for Let's encrypt.
@mfojtik
Copy link
Contributor

mfojtik commented Mar 16, 2017

@tnozicka FYI (I think you was building something related)

@tnozicka
Copy link
Contributor

@ctron Take a look at https://github.com/tnozicka/openshift-acme

@enj enj added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Oct 9, 2017
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 22, 2018
@Peque
Copy link

Peque commented Feb 22, 2018

@enj Any updates on this matter? 😇

@tnozicka
Copy link
Contributor

/assign @tnozicka
The plan is to adpot tnozicka/openshift-acme#48 when that merges.

Now has its trello card https://trello.com/c/nmh6J8ly/1140-adopt-openshift-acme

@openshift-bot
Copy link
Contributor

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

@openshift-ci-robot openshift-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Mar 24, 2018
@marziman
Copy link

@ctron & @tnozicka,

I ve tested this and it worked great!
Really cool stuff, thanks...and funny to meet my old friend @ctron in this issue.
Made lets encrypt cert management so smooth and easy.
Any plans how the trello card will continue?

BR Mehmet

@tnozicka
Copy link
Contributor

tnozicka commented Mar 28, 2018
edited
Loading

@marziman thx.

Any plans how the trello card will continue?

I'd like us to be able to provide certificates for masters and for the router. Also for the purposes of multitenancy we need to have internal rate limits.

@bevinhex
Copy link

about openshift-acme, it is working great for routes, not sure how to configure it for console as well, any ideas?

@enj enj added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. labels Apr 26, 2018
@vorburger
Copy link
Contributor

https://github.com/tnozicka/openshift-acme works great! It would just be cool to have this work with the click of a "Get Certificate!" button built into OpenShift, just to save a long night of reading up and searching to understand what to look for and ultimately find this... 😃

@openshift-ci-robot openshift-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. and removed kind/enhancement labels Apr 14, 2019
@enj
Copy link
Contributor

enj commented Oct 16, 2019

/unassign

@stlaz @sttts @mfojtik

@tnozicka tnozicka removed their assignment Mar 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/auth help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests