Document LE caveats with Kubernetes on v2 #5902

Merged
merged 1 commit into from Dec 9, 2019

@dtomcej dtomcej commented Nov 27, 2019

What does this PR do?

This PR improves the documentation for LetsEncrypt use by making note of the HA caveats, and providing workarounds for known design choices.

Motivation

Documentation was not clear on the removal of distributed LetsEncrypt, and how it would affect Kubernetes users.

More

  • Added/updated tests - Not needed, documentation update
  • Added/updated documentation

Fixes #5792

@SantoDE SantoDE left a comment

LGTM. Thanks

@dduportal dduportal left a comment

LGTM 👍

@ldez ldez left a comment

LGTM

@traefiker traefiker merged commit 50bb69b into traefik:v2.0 Dec 9, 2019
v2 automation moved this from To review to Done Dec 9, 2019

schnz commented Dec 10, 2019

Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled, because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.

Couldn't one use a DNS entry that resolves to a dedicated Traefik instance within an HA setup (e.g. traefik-master.myzone.tld)? Furthermore, this instance could be configured differently from the other instances. IMO the problem is not with routing the challenge requests to the correct Traefik instance. It's that Traefik does not (currently) allow sharing the received certificates with other instances (in read-only mode), e.g. by means of a KV store.


Tolsto commented Feb 28, 2020

@dtomcej You mention that there is currently work being done on integrating cert-manager with Traefik CRDs. Can you share what the current status is there?
