Description
Is your feature request related to a problem? Please describe.
People have to use 3rd party services for terminating HTTPS (TLS/SSL), i.e. CloudFlare.
Let's add HTTPS support to make Akash more decentralized! :-)
Describe the solution you'd like
There is a cert-manager for Kubernetes which supports multiple issuers, including ACME (Let's Encrypt supported!)
So it'd be cool if Akash could support that!
All that it would need is to support setting the correct annotation to the "Ingress" type of K8s resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
letsencrypt is just an arbitrary name; it could be anything there.
Cluster Issuer can be configured by the Akash provider admin.
In my case I've configured it as letsencrypt:
$ kubectl get ClusterIssuers
NAME READY AGE
letsencrypt True 301d
And here are the instructions on how to configure a basic ACME issuer (I am using that) => https://cert-manager.io/docs/configuration/acme/#creating-a-basic-acme-issuer
The instructions are for Staging Let's Encrypt.
So to use the Production Let's Encrypt, just change https://acme-staging-v02.api.letsencrypt.org/directory to https://acme-v02.api.letsencrypt.org/directory :-)
But it's always good to test the staging one, to make sure it is working (i.e. creating the secrets with the keys there), so as not to hit LE's rate limits.
I could see the cert-manager cluster-issuer name being configurable via an Akash provider argument, in the same way we can specify the deployment runtime as of now:
$ akash provider run --help |grep runt
--deployment-runtime-class string kubernetes runtime class for deployments, use none for no specification (default "gvisor")
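
An added example, not part of the original issue and not Akash's own manifests: the staging ClusterIssuer named `letsencrypt` and an Ingress carrying the requested annotation, in the shape cert-manager expects. The e-mail address, hostname, `nginx` ingress class, and the resource and secret names are assumed placeholders; cert-manager issues a certificate for an annotated Ingress only when the Ingress also has a `spec.tls` entry with a `secretName`.

```yaml
# ClusterIssuer created once by the provider admin (cluster-scoped).
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt                     # arbitrary; must match the Ingress annotation
spec:
  acme:
    # Staging endpoint: validate the whole flow here before switching to
    # https://acme-v02.api.letsencrypt.org/directory for production.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com            # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-account-key     # placeholder; stores the ACME account key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx     # assumption: ingress-nginx serves the challenge
---
# Ingress as the provider would have to generate it for a tenant deployment.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-web                     # placeholder
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx               # assumption, as above
  tls:
    - hosts:
        - app.example.com               # placeholder hostname
      secretName: example-web-tls       # cert-manager writes the key and cert here
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-web       # placeholder Service
                port:
                  number: 80
```

Certificates from the staging endpoint are not trusted by browsers, so a working staging run shows up as a populated `example-web-tls` secret rather than a clean padlock.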