Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

接入cert-manager为域名签发免费证书 #1905

Open
qcz-cell opened this issue Apr 4, 2024 · 1 comment
Open

接入cert-manager为域名签发免费证书 #1905

qcz-cell opened this issue Apr 4, 2024 · 1 comment
Assignees
@yangkaa
Labels
kind/design kind/feature Feature Suggestions
Milestone
6.0

Comments

@qcz-cell
Copy link

qcz-cell commented Apr 4, 2024

1.需求背景:各大云厂商提供证书购买渠道,但是通常情况下每年都要花费预算购买,这是一笔不小的开销。对于单体架构的系统,可以通过Let’s Encrypt为单个域名定制签发域名证书的定时任务,90天到期自动续期,但是对于大量域名证书(尤其是SAAS服务系统,用户有自己的域名),这种方式不仅增加了服务器资源的占用,还增加了运维的复杂度,不利于管理且易出错。
2.替代方案:cert-manager,官网访问地址:https://cert-manager.io/docs/getting-started
3.使用方式:目前rainband的证书管理方式只能通过复制公私密钥来存储证书,证书到期后任然需要重复这一动作,希望rainband能通过接入cert-manager让用户只需要填写域名,就可以为用户提供一次性管理方案,而rainband只需要为这个域名创建一个发行者即可,证书发行者在证书到期后会自动为其续期。当rainband的用户在使用操作场来创建服务网关时,只需要选取域名即可,域名证书由cert-manager提供
@Issues-translate-bot
Copy link

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Title: Access cert-manager to issue a free certificate for the domain name

  1. Demand background: Major cloud vendors provide certificate purchase channels, but usually they require a budget to purchase every year, which is a large expense. For a system with a single architecture, Let's Encrypt can be used to customize the scheduled task of issuing a domain name certificate for a single domain name, and it will be automatically renewed after 90 days. However, for a large number of domain name certificates (especially SAAS service systems, users have their own domain names), this This method not only increases the occupation of server resources, but also increases the complexity of operation and maintenance, which is not conducive to management and prone to errors.
  2. Alternative: cert-manager, official website access address: https://cert-manager.io/docs/getting-started
  3. How to use: The current certificate management method of rainband can only store the certificate by copying the public and private keys. After the certificate expires, this action still needs to be repeated. We hope that rainband can connect to cert-manager so that users only need to fill in the domain name. It can provide users with a one-time management solution, and rainband only needs to create an issuer for this domain name. The certificate issuer will automatically renew the certificate after it expires. When rainband users use the operation farm to create a service gateway, they only need to select a domain name. The domain name certificate is provided by cert-manager

@zzzhangqi zzzhangqi added kind/feature Feature Suggestions kind/design labels Apr 7, 2024
@zzzhangqi zzzhangqi added this to the 6.0 milestone Apr 7, 2024
@zzzhangqi zzzhangqi moved this to Todo in Development Plan Apr 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yangkaa yangkaa

Labels
kind/design kind/feature Feature Suggestions
Projects
Development Plan
Status: Todo
Milestone
6.0
Development

No branches or pull requests
4 participants
@yangkaa @zzzhangqi @qcz-cell @Issues-translate-bot