Use cert manager instead of lego for k8s SSL certificates #1924
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nambrot
approved these changes
Nov 26, 2019
Codecov Report
@@ Coverage Diff @@
## master #1924 +/- ##
========================================
Coverage ? 74.2%
========================================
Files ? 278
Lines ? 7673
Branches ? 674
========================================
Hits ? 5694
Misses ? 1862
Partials ? 117
Continue to review full report at Codecov.
|
aaronmgdr
added a commit
that referenced
this pull request
Nov 27, 2019
…into aaronmgdr/build4 * 'aaronmgdr/build4' of github.com:celo-org/celo-monorepo: Dedicated signing of attestation messages (#1913) Allow BLS info to be passed to validator:register without 0x prefix (#1919) Use cert manager instead of lego for k8s SSL certificates (#1924) Fix protocol tests (#1835) Fix bug in LockedGold.relock wrapper (#1915) Add account:show command (#1916) Add warning about misusing pumba (#1857) Baklava docs improvements (#1854) Negate reversed conditional in faucet command (#1863)
aaronmgdr
added a commit
that referenced
this pull request
Nov 27, 2019
* master: (97 commits) Fix celotool expected cluster check (#1932) Build Page for Baklava Launch Part 1 (#1866) cli: Fix for #1875 (#1920) cli: Fixes for #1880 and #1874 (#1918) Minor edits to full-node and other docs (#1917) Check that we have provisioned phone numbers (#1927) Sort invite contact list (#1936) Generate the pop for the attestation service with geth (#1931) Have validators use ephemeral node keys by default (#1922) Enhanced Validator Setup Docs (#1926) Indicate account registration (#1928) Bugfix: actually whitelist oracle account (#1865) Display current account locked gold requirement in lockedgold:show (#1923) Dedicated signing of attestation messages (#1913) Allow BLS info to be passed to validator:register without 0x prefix (#1919) Use cert manager instead of lego for k8s SSL certificates (#1924) Fix protocol tests (#1835) Fix bug in LockedGold.relock wrapper (#1915) Add account:show command (#1916) Add warning about misusing pumba (#1857) ... # Conflicts: # packages/web/pages/_app.tsx # yarn.lock
tkporter
added a commit
that referenced
this pull request
Dec 2, 2019
This was referenced Jan 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This uses https://github.com/jetstack/cert-manager, which is the successor of the now-deprecated lego, to get SSL certificates. Lego doesn't support the v2 let's encrypt ACME protocol, and v1 was recently phased out, so we had to upgrade. I migrated all our clusters a while back to use cert-manager instead of lego (~ a month ago) but never opened this PR.
Tested
Moved all our clusters over to using cert-manager, let it sit & everything has worked, tested cluster setup
Other changes
n/a
Related issues
n/a
Backwards compatibility
Yes- getting an SSL certificate for an ingress is the exact same