Code Monkey home page Code Monkey logo

Comments (4)

arsenetar avatar arsenetar commented on June 2, 2024 1

Just to comment, even with the changes to the namespace certs, I have still found cases in a multi-tenant environment where wildcards in a ClusterDomainClaim would allow different sort of functionality. Especially when different "patterns" for domains might be desired by different tenants. The wildcard in ClusterDomainClaim allows for allocating the domain with all subdomains to a namespace then allowing the end user to configure their services as desired with any of those domains.

Single tenant environments can leverage the global configuration for namespace wildcards and the URL template to probably get what is desired without the extra steps.

This is also a duplicate of #14688

from serving.

arsenetar avatar arsenetar commented on June 2, 2024 1

@braunsonm np, I actually forgot I created that issue, its been awhile, I think keeping things consolidated into one makes sense as I think we both are after the same thing.

from serving.

dprotaso avatar dprotaso commented on June 2, 2024

Interesting - I'm wondering if your ask is necessary if you setup external-tls/autoTLS with the right knobs

Here we have the general template to configure URLs for Services
https://github.com/knative/networking/blob/66bdffa75840a1a7c1b3829740c196783e8babd0/config/config-network.yaml#L109

This knob lets you enable wild card certs for certain namespaces
https://github.com/knative/networking/blob/66bdffa75840a1a7c1b3829740c196783e8babd0/config/config-network.yaml#L84

Originally you could only have one wildcard domain - but @arsenetar just landed a feature to enable multiple domains - #14364 - this feature should be out in our v1.14 release in April.

For services you want to remain private you can add a visibility label
https://knative.dev/docs/serving/services/private-services/#making-individual-services-private

from serving.

braunsonm avatar braunsonm commented on June 2, 2024

@dprotaso I don't think this exactly addresses the need. While it is one part (the need for wildcard certs to be created) it does not address limiting/allowing access for a namespace to create DomainMappings for a specific subdomain.

Sorry @arsenetar I should have searched. I'm fine closing this in favour of your issue!

from serving.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.