TLS for ingress identifier #1145
Comments
|
This issue is blocking potential features like https://github.com/jetstack/kube-lego integration for LetsEncrypt |
|
Also, Istio support should include tls via ingress resources (not necessarily SNI, but at least dynamic cert reloading) |
|
As this has been closed - does it mean the feature is perceived as unimportant and disappears from the Linkerd roadmap? |
|
@klingerf Our use case leverages the automatic TLS certificate lifecycle management for services exposed via k8s Ingress using LetsEncrypt and the kube-lego mentioned before by @esbie. Currently I'm using NGINX Ingress Controller and it works for me well enough. We might be interested in switching to Linkerd Ingress Controller though, as soon as it provides this feature. Except of having a single Ingress class (less of artifacts to deploy) I guess this would likely also give us better traceability (metrics) of network communication flow (provided by Linkerd-viz, Zipkin etc), starting already from the Ingress controller associated k8s service. Below is our current Ingress example: apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-service
namespace: my-system
annotations:
kubernetes.io/tls-acme: "true"
ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.class: "nginx"
external-dns.alpha.kubernetes.io/hostname: "my-service.example.org."
external-dns.alpha.kubernetes.io/ttl: 60
spec:
tls:
- hosts:
- my-service.example.org
secretName: my-service-ingress-tls
rules:
- host: my-service.example.org
http:
paths:
- backend:
serviceName: my-service
servicePort: 4140 |
|
@valdemon Thanks, that's very helpful. |
* v0.4.4 release notes * Tweak wording about adblocker fix Signed-off-by: Kevin Lingerfelt <[email protected]>
As an ingress-controller, we ought to support tls as defined here: https://kubernetes.io/docs/user-guide/ingress/#tls
The text was updated successfully, but these errors were encountered: