-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop using a self-signed CA and use LetsEncrypt #217
Comments
i think there is something to be said about this and external-dns be simply a toggleable component in the vars file. If the intent for this to be a universal tool that allows tetrands to spin up what they need and also be something external customers can consume, we cannot make some of these assumptions about external reachability/etc. my 2c |
I agree. When it comes to implementing this it should be configurable, and we can support multiple CAs. |
SubCa using Letsencrypt is not an option, however we can use cloud provided private CAs to implement if required https://community.letsencrypt.org/t/can-i-create-my-own-subca-certificate/174394 Absolutely, external-dns is an option, but in my opinion it is a win functionality to which we should converge as a baseline foundation, i.e. VM onboarding operator dns record or even TSB MP DNS record generation |
letsencrypt ratelimits may cause headaches |
Instead of using a self-signed CA we could be creating a LetsEncrypt issuer to issue certificates. we have all the bits needed to manage DNS so we should be able to create LetsEncrypt configs with DNS-based challenges.
The text was updated successfully, but these errors were encountered: