Comments (3)
johnlanni
commented on July 16, 2024
cc @2456868764
from higress.
zzjin
commented on July 16, 2024
The simple way: add parse logic with CredentialConfig.TLSSecret, eg support "sealos-system/wildcard-cert" instead of "wildcard-cert" for higress-system namespace.
automaticHttps: false
fallbackForInvalidSecret: true
acmeIssuer:
- email: [email protected]
name: letsencrypt
renewBeforeDays: 1
credentialConfig:
- domains:
- '*.sealos.io'
- 'sealos.io'
tlsSecret: sealos-system/wildcard-cert
# tlsSecret: wildcard-certBut here comes the conflict:
when user also set AutomaticHttps=true alongside with namespace-ed tlsSecret, the SecretMgr cannot support it since it can only update and manage secret under higress-system own namespace.
https://github.com/alibaba/higress/blob/main/pkg/cert/secret.go#L48-L70
from higress.
johnlanni
commented on July 16, 2024
I am inclined to enable automatic HTTPS, maintaining consistent behavior, which also entails writing to the designated namespace's secret. It should be noted that this requires adjusting the clusterrole to grant higress access to write to secrets in other namespaces.
from higress.
Related Issues (20)
- 目前有全局配置对接lets encrypt,希望能通过ingress注解支持ingress粒度的,类似cert manager HOT 1
- jwt-auth claims to headers failed HOT 2
- When matching the original path with regex, the rewriting path is not correct. HOT 11
- ai-token-ratelimit 插件 stream 模式下 token 计算有误 HOT 2
- moonshot contextCache 潜在的问题 HOT 1
- 支持 moonshot contextCache HOT 1
- higress-controller: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden HOT 2
- higress-gateway - 希望可以支持访问日志请求体的打印插件 HOT 1
- There is no docs about config plugins for the ingress way. HOT 2
- Need a general forward auth plugin to delegate authentication and authorization to external service. HOT 4
- 按照Wasm 插件镜像规范构建出的镜像不可用 HOT 7
- 修改Helm部署模板中controller.name/.Values.gateway.name后higress-gateway无法运行 HOT 5
- OPA 插件优化,减少opa请求次数。
- Config key-cluster-rate-limit plugin failed. HOT 18
- 后端业务 Pod 里的 nginx 转发到 localhost 透传到了 http 302 response里 HOT 12
- Higress console ingress not work when managed by higress, but it did work when managed by nginx ingress controller. HOT 4
- nginx 转发 https 协议的higress 域名出现104 Connection reset by peer报错 HOT 5
- higress接入Skywaking没有数据 HOT 1
- Higress是否支持跨K8s集群路由
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from higress.