Replies: 2 comments 9 replies
-
Hey @agracey I converted this into a discussion, because we discuss this often and don't know how to start on it. Well and also because I wanted to see if discussions can clean up the issue list for us :) So, if I understood correctly in todays planning, this is about using https://github.com/rancher/rdns-server If we use that, instead of issuing IP based hostnames, e.g. I'm not sure how we would generate certs for the user, that means either terminating their SSL traffic, or managing their private key? I don't see anything in rdns-server that supports this. This story gets mixed up with the story to move away from Another story that also belongs in this discussion is the support for https://github.com/kubernetes-sigs/external-dns
That would be useful, if users have their own DNS already for demo or production setups. However it doesn't help with the "easy" deployment. However having your own DNS, means you can configure cert-manager to do ACME DNS challenges, which allows for wildcard and private IP records with production Letsencrypt certs. |
Beta Was this translation helpful? Give feedback.
-
on-rio.io is using a deployed service (https://github.com/rancher/rdns-server) to provide that feature. The benefit of having production certs (not self signed etc) would only make sense if that service was supposed to be used in production. We can't make such guarantee, even if we decided to deploy such a service. Both The only problem I see with |
Beta Was this translation helpful? Give feedback.
-
Rio had a feature where when you installed the platform, it would set up a non-wildcard DNS entry that routes to the ingress provided.
If we did the same with Epinio, we could simplify some of the installation process. It could also mean that we generate real certs from an intermediate we control.
Beta Was this translation helpful? Give feedback.
All reactions