Comments (5)
From @jchauncey on October 14, 2016 17:23
On your last point I'm not sure I agree. If someone has paid for a wildcard cert they might not want to pay for individual certs for each application too. Seems kind of redundant
from workflow.
From @jchauncey on October 14, 2016 17:31
┌──────────┐
│ Internet │
└──────────┘
│
│
443/SSL
│
▼
┌────────────────────┐
│ AWS ELB │
│ or │
│ Some other LB │
└────────────────────┘
│
443/SSL
▼
┌────────────────┐
│ Kubernetes │
│ Load Balancer │
└────────────────┘
│
┌──────443/SSL────────────┼────443/SSL──────────────┐
│ │ │
▼ ▼ ▼
┌─App Pod────────────┐ ┌─App Pod────────────┐ ┌─App Pod────────────┐
│ Container: Foo │ │ Container: Foo │ │ Container: Foo │
┌──│ Container: Nginx │ │ Container: Nginx │ │ Container: Nginx │
│ │ │ │ │ │ │
│ └────────────────────┘ └────────────────────┘ └────────────────────┘
│ ▲
HTTP/Any │
port──────────┘
from workflow.
From @krancour on October 14, 2016 20:55
@jchauncey nice diagram.
from workflow.
From @krancour on October 18, 2016 13:53
On your last point I'm not sure I agree. If someone has paid for a wildcard cert they might not want to pay for individual certs for each application too.
I should have been more clear. This shouldn't happen automatically (for security reasons), but if you, as a developer or app operator legitimately do have access to the same wildcard cert that the cluster operator used as the platform cert, there should be nothing that prevents you from uploading it using deis certs:add
and attaching it to your application's domain(s) using deis certs:attach
.
from workflow.
From @olalonde on October 24, 2016 20:51
Not sure if that helps at all but I just found out about linkerd which can be used to achieve e2e SSL between k8s services: https://blog.buoyant.io/2016/10/24/a-service-mesh-for-kubernetes-part-iii-encrypting-all-the-things/
from workflow.
Related Issues (20)
- AWS ALB/NLB support?
- Docs: broken link(s) to Deis blog HOT 7
- ssh_exchange_identification: read: Connection reset by peer HOT 7
- There is an incredibly amount of verbose output when a buildpack is not matched HOT 5
- Helm install fails HOT 2
- Simple installation of Hephy wouldn't work. Client on Mac OS X and Cluster on AWS HOT 13
- Unable to install hephy workflow HOT 18
- How to manage application databases with workflow? HOT 6
- `deis certs` doesn't show certs added by another (admin) user HOT 2
- Unable to install onto Kubernetes 1.18.3 HOT 2
- ps:restart should rolling restart the pods HOT 2
- deis logs is not returning pod logs HOT 7
- Guide for Rancher HOT 6
- error upgrading from very old install, hephy/postgres:v2.7.3 boots but hephy/postgres:v2.7.6 does not. HOT 5
- Chart is broken. HOT 1
- [feature request] Enable to drop monitor HOT 1
- [feature support] Enable to add affinities. HOT 6
- Helm Hub - missing README HOT 2
- Automated release of workflow/docs HOT 2
- Add x-forwarded-host to the nginx config in the deis-router for ruby apps issue HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from workflow.