v2 & Let's Encrypt in an HA setup #5792
Comments
If it can help, I quickly wrote a blog post here: https://www.cerenit.fr/blog/kubernetes-ovh-traefik2-cert-manager-secrets/ I can provide a translation if you're interested.
I worked on an example of traefik v2.0 and cert-manager
Closed by #5902.
IMO this issue shouldn't be closed. The referenced PR only addresses how to set up Let's Encrypt in a Kubernetes HA setup. Unfortunately this doesn't help us people that do not use k8s for orchestration. Ideally, the proposed solution should be agnostic to the used orchestration tool.
Do you want to request a feature or report a bug?
Feature
What did you expect to see?
By design, Traefik 2.0 is stateless and HA: Users can deploy multiple instances to ensure that at least one Traefik instance can route requests at any time.
Though, when using Let's Encrypt for automatic certificate generation, the certificate negotiation cannot be consistently achieved because there is no guarantee that the initiator of the negotiation gets the subsequent calls.
Traefik 1.X used to leverage K/V stores & elect leaders that would be responsible for the certificate negotiations. Still, many issues were left unsolved (#4851, #3487, #5047, #3833) because of a flawed design. In 2.0, we chose to remove the feature to keep Traefik a simple and elegant data plane (#5426).
Thanks to third-party software (like CertManager), using Let's Encrypt in an HA setup is still possible, and we need to document how.
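The failure mode described in the issue, modelled as an added example (not part of the issue and not Traefik code). It assumes an ACME HTTP-01 challenge and a round-robin load balancer in front of the replicas; the `Instance` class, the helper names and the token values are constructed for illustration.

```python
import itertools

ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 challenge path


class Instance:
    """One proxy replica. `store` maps challenge token -> key authorization."""

    def __init__(self, name, store):
        self.name = name
        self.store = store

    def start_challenge(self, token, key_auth):
        # The replica that talks to the CA records the expected response.
        self.store[token] = key_auth

    def serve(self, path):
        # Returns the key authorization, or None (models a 404).
        if not path.startswith(ACME_PREFIX):
            return None
        return self.store.get(path[len(ACME_PREFIX):])


def local_state(n):
    """Stateless replicas: each one only knows challenges it started itself."""
    return [Instance(f"proxy-{i}", {}) for i in range(n)]


def shared_state(n):
    """Replicas reading challenge state from one shared store (a single dict here)."""
    shared = {}
    return [Instance(f"proxy-{i}", shared) for i in range(n)]


def validate(instances, initiator, token, key_auth, attempts):
    """Replica `initiator` starts the challenge; the CA's validation requests
    are then spread round-robin over all replicas.
    Returns how many of `attempts` requests got the correct answer."""
    instances[initiator].start_challenge(token, key_auth)
    lb = itertools.cycle(instances)
    path = ACME_PREFIX + token
    return sum(1 for _ in range(attempts) if next(lb).serve(path) == key_auth)


if __name__ == "__main__":
    tok, auth = "constructed-token", "constructed-token.constructed-thumbprint"
    print("3 replicas, local state :", validate(local_state(3), 0, tok, auth, 6), "/ 6")
    print("3 replicas, shared state:", validate(shared_state(3), 0, tok, auth, 6), "/ 6")
```

With local state only the requests that happen to reach the initiating replica succeed, so validation is inconsistent; with shared challenge state every replica answers correctly.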