Fix installation fails when using Let's Encrypt cluster issuer #119

Open
wants to merge 3 commits into
base: main

@PhanLe1010 PhanLe1010 commented Aug 14, 2023

Describe your changes

This PR fixes 3 bugs, described in each commit:

  • Fix tlsIssuer names and the consumers of these tlsIssuers
  • The ingress of the ACME server needs to be contacted through the HTTP port
  • Cannot use wildcard for http01 ACME resolver

Issue ticket number and link

Checklist before requesting a review

  • I have performed a self-review of my code.
  • If it is a core feature, I have added thorough tests.
  • CHANGELOG.md has been updated should there be relevant changes in this PR.

The consumers need to reference the correct name of the tlsIssuers.
Consumers are traefik ingress and the cluster-ip-cert

Signed-off-by: Phan Le <phan.le@suse.com>
Signed-off-by: Phan Le <phan.le@suse.com>
Signed-off-by: Phan Le <phan.le@suse.com>

jecluis commented Aug 15, 2023

Hi @PhanLe1010. Thank you for your contribution. It will be reviewed shortly. In the meantime, would you mind signing your commits in this patch set? If you are not familiar with how commits can be signed, please refer to the GitHub documentation.

@jecluis jecluis left a comment

I'm concerned about dropping support for wildcard certificates. This will break vhost-based bucket access.

Also, please keep in mind that you should remove lines instead of commenting them, unless there's a compelling reason to leave them commented in the code.

spec:
tls:
- hosts:
- '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
- '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
# - '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
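
Review bot: The commented-out wildcard entry at the end of the `hosts` list should be deleted rather than left in the template as a comment. Removing `- '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'` unconditionally also drops the wildcard name from the certificate for every issuer, not only the http01 Let's Encrypt one that cannot issue it, so consider rendering that host conditionally on the configured issuer so the other issuers keep the wildcard entry.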

Maybe @m-ildefons can comment on this, but I think this will not work. We need wildcard certificates for vhost-based bucket access.

@PhanLe1010 PhanLe1010 Aug 15, 2023

Thanks @jecluis, we are discussing this wildcard cert topic inside our discuss-s3gw Slack channel. I will update the PR once we come to a conclusion.
