Vanity domain support for DNS
Users should be able to configure vanity domains for DNS provided by Acorn DNS
Pulled out as a separate issue from https://github.com/acorn-io/acorn/issues/59
stretch goal for the v0.4.0 release
@iwilltry42 I know we've discussed having someone else do this with you leading/mentoring on it, but I've changed my mind because I'd really like to see it get done in v0.4.0. So, assigning it to you.
At a first glance, I'd go this route:
- Use https://github.com/acorn-io/acorn/blob/beb70497522f1370b111759a956d8d362e9e7bd7/pkg/publish/cert.go#L109 to get a list of non-TLS-covered hosts
- Create empty TLS secrets for those hosts and append them to the list in the same function
- Somehow have Acorn watch for those secrets (alternatively create some CR or something like that to create a watcher for) that takes care of populating those secrets with LE certs via HTTP01 challenge
Looks like the simplest way to get TLS for everything that is not covered by our wildcard cert or user-/cluster-provided certs.
(3.) is where I'd need some input/opinions, @vincent99 @ibuildthecloud
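The first step of the plan above (finding published hosts that no existing certificate covers), as an added example that is not Acorn's code and not part of the original comment. It relies on Go's `crypto/x509` hostname matching over constructed certificates; `uncoveredHosts`, `sampleCerts` and the `app.`/`shop.` hostnames are hypothetical.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// uncoveredHosts returns the hosts that none of the given certificates
// is valid for. These are the hosts that would still need their own
// certificate (for example via an ACME HTTP-01 challenge).
func uncoveredHosts(hosts []string, certs []*x509.Certificate) []string {
	var missing []string
	for _, h := range hosts {
		covered := false
		for _, c := range certs {
			// VerifyHostname applies the standard SAN rules: a wildcard
			// matches exactly one leftmost label, nothing deeper.
			if c.VerifyHostname(h) == nil {
				covered = true
				break
			}
		}
		if !covered {
			missing = append(missing, h)
		}
	}
	return missing
}

// sampleCerts is constructed data: a wildcard certificate for the default
// domain and one user-provided certificate. Only the SANs are filled in.
func sampleCerts() []*x509.Certificate {
	return []*x509.Certificate{
		{DNSNames: []string{"*.on-acorn.io"}},
		{DNSNames: []string{"shop.example.com"}},
	}
}

func main() {
	hosts := []string{
		"app.on-acorn.io",    // covered by the wildcard
		"app.ns.on-acorn.io", // two labels deep: wildcard does not apply
		"app.jellick.world",  // custom cluster domain: no certificate
		"shop.example.com",   // covered by the user-provided certificate
	}
	fmt.Println(uncoveredHosts(hosts, sampleCerts()))
}
```

A host under a custom cluster domain, or one nested more than one label below the wildcard, ends up in the returned list even though a wildcard certificate is present.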
So, we have the --publish bit implemented, but if I do acorn install --cluster-domain jellick.world (to replace on-acorn.io), I don't get certs for those domains. We should be able to support that, right?
I'm going to keep this issue open and move it out of the milestone
Yes, we should support that.
@cjellick & @ibuildthecloud we're looking for appInstance.Spec.Ports... which don't seem to be set when using cluster-domain :thinking:
@iwilltry42 I'd like this to be one of your v0.5.0 enhancements
Any news on this topic? We cannot use Acorn for our production apps, because we need TLS for our own domains.
@flobaader the PR was released in v0.5.0, please give it a try.
@iwilltry42 the TLS function works, thank you guys!