I'm currently using a toy implementation I wrote at https://github.com/lukegb/openshiftle, but it doesn't attempt to do persistent of its ACME private key or anything, just updates the private key.
It's a little buggy (mostly when setting up the route for /.well-known to point to itself), so it's definitely not production ready, but it is usable. Luke On Thu, Nov 24, 2016 at 2:29 PM, Rajat Chopra <[email protected]> wrote: > It would certainly be a useful feature. Especially for online. > The router part should be relatively straightforward, though we plan to > move to ingress objects pretty soon. Even then I think we can make use of > the code (somewhat on the lines of what Jimmi pointed to?). > > I can help with the router implementations (haproxy and f5). Let me know > about any design you have in mind and I can do my bit to vet. > > Thanks for this useful idea. > Rajat > > On Nov 24, 2016 5:40 AM, "Jimmi Dyson" <[email protected]> wrote: > >> There's also an ingress based impl at https://github.com/jetstack/ku >> be-lego. >> >> On Thu, Nov 24, 2016 at 1:35 PM, Tomas Nozicka <[email protected]> >> wrote: >> > I've been thinking for a long time about some kind of support for Let's >> > Encrypt [1] in OpenShift. In the meantime Kelsey Hightower came with >> > his PoC for Kubernetes [2]. It's a great starting point although it >> > will need modifications to work with OpenShift's router. Actually I >> > thing that in combination with the router it becomes more powerful, >> > because your app does not even need to support https and reading >> > certificates if your route is set to edge termination. >> > >> > The main goal here is to provide OpenShift users with valid >> > certificates for free and enable HTTPS for everyone. It will also take >> > care about certificates renewal. >> > >> > I believe this could be a great feature for OpenShift. I know I >> > definitely want this for my server at home, but I think this could even >> > work for Online, but let's not get ahead of ourself. It would make an >> > awesome demo if you could just create a route for your service in >> > OpenShift and get HTTPS (with a valid certificate) out of the box; or >> > after installing the controller. >> > >> > I would be interested in writing such controller for OpenShift based on >> > Kelsey's work, but I would appreciate some form of guidance from >> > someone who knows the router or in general. I'd like to build this as >> > an OSS with production quality; not just PoC. >> > >> > And I wanted to check if someone isn't already working on that? >> > >> > >> > Thanks, >> > Tomas >> > >> > [1] - https://letsencrypt.org/ >> > [2] - https://github.com/kelseyhightower/kube-cert-manager >> > >> > _______________________________________________ >> > dev mailing list >> > [email protected] >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >> >> _______________________________________________ >> dev mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >> > > _______________________________________________ > dev mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
