Using Voyager and Let's Encrypt in multiple Kubernetes clusters in different regions #687
From @greg-jaunt in Slack:
I currently have two Kubernetes clusters in two different AWS regions behind a single geolocating Route 53 DNS CNAME that routes to the same service running behind Voyager in both clusters. Today I am hand-configuring the same Let's Encrypt cert in each cluster.
This should work. But applicable rate limiting will be applied by LE.
From https://letsencrypt.org/docs/rate-limits/, I did not see the 4-requests-a-day rule. But I see
No, I think. Each validation process should get its own CNAME that will be added to Route53. So, it should succeed independently. I have also seen that LE caches domain validations. See the last FAQ: https://letsencrypt.org/docs/faq/
Have you looked into using cluster federation? Using Federated secrets you can avoid issuing certs in each cluster.
We recommend using kubed for syncing secrets across clusters. https://appscode.com/products/kubed/0.5.0/guides/config-syncer/inter-cluster/