The public Toolforge API gateway frontend currently has self-signed certificates. In order to publicly expose that endpoint we need to have it use Lets Encrypt certificates instead. This can be done either by somehow syncing acme-chief certs to the Kubernetes cluster, or by having cert-manager issue those certificates separately.
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | Feature | None | T329425 Toolforge OpenTofu support | ||
| Open | None | T332480 Make it possible to maintain Toolforge tools via an easy-to-use web interface instead of a command-line one | |||
| Resolved | dcaro | T332476 Toolforge: expose API gateway to the internet | |||
| Resolved | dcaro | T332479 Use Let's Encrypt certificates for the Toolforge API gateway |
Event Timeline
Comment Actions
This is done already :)
dcaro@acme$ openssl s_client -showcerts -connect api.svc.toolforge.org:443 | grep -i 'O=' Connecting to 185.15.56.11 depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1 verify return:1 depth=1 C=US, O=Let's Encrypt, CN=R10 verify return:1 depth=0 CN=toolforge.org verify return:1 i:C=US, O=Let's Encrypt, CN=R10 1 s:C=US, O=Let's Encrypt, CN=R10