tazjin/kubernetes-letsencrypt

File names should match Ingress TLS

Closed this issue · 5 comments

Kubernetes supports TLS secrets for Ingress: http://kubernetes.io/docs/user-guide/ingress/#tls

The file names in the secrets created by the controller should match this. I'm tentatively marking this as milestone 2 because it breaks compatibility.

ahume commented

I was thinking of implementing this by allowing environment variables to override the default names. Meaning it could be backwards compatible prior to v2.0. How do you feel about that approach?

@ahume Is your use-case also Ingress controllers? I've been considering just letting it create files with both the current names and the Ingress-specific ones (storage is cheap!).

Were you thinking about envvars on controller level (i.e. affecting all secrets created by the controller)? It's also possible on annotation-level but would probably get very verbose and I suppose most people have a somewhat uniform infrastructure.

ahume commented

Yes, the GCLB add-on for Google Container Engine. I was thinking env vars for the controller. As you say, within a single cluster I imagine the mechanisms for SSL termination being consistent. I've a code change that implements this which I'll push to a fork later today for you to look at.

I'd suggest that going down the path of trying to match the expected file names for different ingress implementations inside the letsencrypt-controller could get unwieldy, and somewhat couples what are independent components.

Sounds good to me. I'll change this issue to the next release milestone instead.

Looking forward to your PR!

Released as v1.4!