It would certainly be a useful feature. Especially for online. The router part should be relatively straightforward, though we plan to move to ingress objects pretty soon. Even then I think we can make use of the code (somewhat on the lines of what Jimmi pointed to?).
I can help with the router implementations (haproxy and f5). Let me know about any design you have in mind and I can do my bit to vet. Thanks for this useful idea. Rajat On Nov 24, 2016 5:40 AM, "Jimmi Dyson" <[email protected]> wrote: > There's also an ingress based impl at https://github.com/jetstack/ > kube-lego. > > On Thu, Nov 24, 2016 at 1:35 PM, Tomas Nozicka <[email protected]> > wrote: > > I've been thinking for a long time about some kind of support for Let's > > Encrypt [1] in OpenShift. In the meantime Kelsey Hightower came with > > his PoC for Kubernetes [2]. It's a great starting point although it > > will need modifications to work with OpenShift's router. Actually I > > thing that in combination with the router it becomes more powerful, > > because your app does not even need to support https and reading > > certificates if your route is set to edge termination. > > > > The main goal here is to provide OpenShift users with valid > > certificates for free and enable HTTPS for everyone. It will also take > > care about certificates renewal. > > > > I believe this could be a great feature for OpenShift. I know I > > definitely want this for my server at home, but I think this could even > > work for Online, but let's not get ahead of ourself. It would make an > > awesome demo if you could just create a route for your service in > > OpenShift and get HTTPS (with a valid certificate) out of the box; or > > after installing the controller. > > > > I would be interested in writing such controller for OpenShift based on > > Kelsey's work, but I would appreciate some form of guidance from > > someone who knows the router or in general. I'd like to build this as > > an OSS with production quality; not just PoC. > > > > And I wanted to check if someone isn't already working on that? > > > > > > Thanks, > > Tomas > > > > [1] - https://letsencrypt.org/ > > [2] - https://github.com/kelseyhightower/kube-cert-manager > > > > _______________________________________________ > > dev mailing list > > [email protected] > > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > > _______________________________________________ > dev mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
