You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, Nebari enforces an ingress check that requires a valid DNS resolution (to ingress IP) before proceeding with deploying anything after the kubernetes_ingress stage
However, when using the DNS Challenge for Let's Encrypt, this check is not required since the certificate issuance does not rely on the ingress IP pointing to DNS record, but rather on just the DNS records.
This can be overly restrictive because when deploying Nebari in a private network, the DNS may not always point to the ingress IP address, like say there is a custom proxy in between:
+-------------+
| DNS Record |
+-------------+
|
v
+---------------+
| Custom Proxy |
+---------------+
|
v
+-------------+
| Ingress IP |
+-------------+
|
v
+-------------------+
| Private Network |
+-------------------+
Anything else?
No response
The text was updated successfully, but these errors were encountered:
Feature description
acme_challenge_type=dnsis used.This is relevant after #2957 is merged.
Value and/or benefit
Currently, Nebari enforces an ingress check that requires a valid DNS resolution (to ingress IP) before proceeding with deploying anything after the
kubernetes_ingressstagenebari/src/_nebari/stages/kubernetes_ingress/__init__.py
Line 64 in 3c22840
However, when using the DNS Challenge for Let's Encrypt, this check is not required since the certificate issuance does not rely on the ingress IP pointing to DNS record, but rather on just the DNS records.
This can be overly restrictive because when deploying Nebari in a private network, the DNS may not always point to the ingress IP address, like say there is a custom proxy in between:
Anything else?
No response
The text was updated successfully, but these errors were encountered: