Fix installation fails when using Let's Encrypt cluster issuer #119

Open
PhanLe1010 wants to merge 3 commits into s3gw-tech:main from PhanLe1010:letsencrypt-issue

PhanLe1010 commented Aug 14, 2023

Describe your changes

This PR fixes 3 bugs described in each of the commits:

  • Fix tlsIssuer names and the consumers of these tlsIssuers
  • The ingress of the ACME server needs to be contacted through the http port
  • Cannot use wildcard for http01 ACME resolver

Issue ticket number and link

Checklist before requesting a review

  • I have performed a self-review of my code.
  • If it is a core feature, I have added thorough tests.
  • CHANGELOG.md has been updated should there be relevant changes in this PR.

The consumers need to reference the correct name of the tlsIssuers.
Consumers are traefik ingress and the cluster-ip-cert

Signed-off-by: Phan Le <phan.le@suse.com>
Signed-off-by: Phan Le <phan.le@suse.com>
Signed-off-by: Phan Le <phan.le@suse.com>
PhanLe1010 mentioned this pull request Aug 14, 2023
3 tasks
jecluis requested a review from m-ildefons August 15, 2023 01:57
jecluis commented Aug 15, 2023

Hi @PhanLe1010. Thank you for your contribution. It will be reviewed shortly. In the meantime, would you mind signing your commits in this patch set? If you are not familiar with how commits can be signed, please refer to the GitHub documentation.

jecluis left a comment

I'm concerned about dropping support for wildcard certificates. This will break vhost-based bucket access.

Also, please keep in mind that you should remove lines instead of commenting them, unless there's a compelling reason to leave them commented in the code.

- hosts:
- '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
- '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
# - '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
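
Review bot: the wildcard entry under `hosts:` is commented out rather than deleted, and nothing in this hunk conditions it on the issuer in use, so the certificate stops covering `'*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'` for whichever issuer is selected, not only for Let's Encrypt with HTTP-01. The ACME HTTP-01 challenge cannot validate wildcard names while DNS-01 can, so consider keeping the wildcard host and omitting it only when the HTTP-01 solver is configured (or supporting a DNS-01 solver), and remove the line outright instead of leaving the `# - '*. ...` comment behind.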

Maybe @m-ildefons can comment on this, but I think this will not work. We need wildcard certificates for vhost-based bucket access.

PhanLe1010 Aug 15, 2023

Thanks @jecluis, we are discussing this wildcard cert topic inside our discuss-s3gw Slack channel. I will update the PR once we come to a conclusion.
