Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2 & Let's Encrypt in an HA setup #5792

Closed
geraldcroes opened this issue Nov 6, 2019 · 4 comments
Closed

v2 & Let's Encrypt in an HA setup #5792

geraldcroes opened this issue Nov 6, 2019 · 4 comments
Assignees
@dtomcej
Labels
area/documentation kind/enhancement a new or improved feature. status/5-frozen-due-to-age
Milestone
2.0

Comments

@geraldcroes
Copy link
Contributor

Do you want to request a feature or report a bug?

Feature

What did you expect to see?

By design, Traefik 2.0 is stateless and HA: Users can deploy multiple instances to ensure that at least one Traefik instance can route requests at any time.

Though, when using Let's Encrypt for automatic certificate generation, the certificate negotiation cannot be consistently achieved because there is no guarantee that the initiator of the negotiation gets the subsequent calls.

Traefik 1.X used to leverage K/V stores & elect leaders that would be responsible for the certificate negotiations. Still, many issues were left unsolved ( #4851 #3487 #5047 #3833) because of a flawed design. In 2.0, we chose to remove the feature to keep Traefik a simple and elegant data plane (#5426).

Thanks to third-party software (like CertManager), using Let's Encrypt in an HA setup is still possible, and we need to document how.
@geraldcroes geraldcroes added area/documentation kind/enhancement a new or improved feature. labels Nov 6, 2019
@ldez ldez changed the title 2.0 & Let's Encrypt in an HA setup v2 & Let's Encrypt in an HA setup Nov 6, 2019
@emilevauge emilevauge mentioned this issue Nov 6, 2019
Closed
@nsteinmetz
Copy link

If it can help, I quickly wrote a blog post here: https://www.cerenit.fr/blog/kubernetes-ovh-traefik2-cert-manager-secrets/

I can provide a translation if you're interested.

@nsteinmetz nsteinmetz mentioned this issue Nov 27, 2019
Open
@dtomcej dtomcej mentioned this issue Nov 27, 2019
Merged
2 tasks
@mmatur
Copy link
Member

mmatur commented Nov 28, 2019
edited
Loading

I worked on an example of traefik v2.0 and cert-manager
https://github.com/mmatur/traefik-cert-manager

@traefiker traefiker added this to the 2.0 milestone Dec 9, 2019
@traefiker
Copy link
Contributor

Closed by #5902.

@schnz
Copy link

schnz commented Dec 10, 2019

Closed by #5902.

IMO this issue shouldn't be closed. The referenced PR only addresses how to setup Let's encrypt in a kubernetes HA setup. Unfortunately this doesn't help us people that do not use k8s for orchestration. Ideally, the proposed solution should be agnostic to the used orchestration tool.

@SantoDE SantoDE mentioned this issue Dec 16, 2019
Closed
@polarathene polarathene mentioned this issue Jan 7, 2020
Closed
@traefik traefik locked and limited conversation to collaborators Jan 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dtomcej dtomcej

Labels
area/documentation kind/enhancement a new or improved feature. status/5-frozen-due-to-age
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
7 participants
@nsteinmetz @geraldcroes @mmatur @schnz @ldez @dtomcej @traefiker