Problem Statement
As per the documentation, the very first time the "openshell sandbox create" CLI command is run, it also boots up a K3S cluster inside a docker container (named "openshell-cluster-openshell"). Within the K3S cluster, it automatically creates an OpenShell gateway (with mTLS enabled).
As the certificate information does not initially exist inside the docker container, the gateway errors out complaining about the certificate. In order to resolve this issue, I ended up manually copying the certificate into the docker container and performing the following steps in order to perform mTLS successfully.
The question I have is: is there a way to pass the certificate-related information as an argument at the time of the "openshell sandbox create" CLI command itself? Thanks.
+++++++++++++
docker cp ~/Downloads/xxx.pem openshell-cluster-openshell:/usr/local/share/ca-certificates/xxx.crt
# within the docker container
rm -f /etc/ssl/certs/ca-certificates.crt
update-ca-certificates --fresh
openssl s_client -showcerts -connect ghcr.io:443 </dev/null | grep "Verification"
ps aux | grep k3s
# reboot the server (97 is the k3s PID taken from the ps output)
kill -9 97
Proposed Design
Pass the certificate-related information as an argument at the time of the "openshell sandbox create" CLI command itself.
Alternatives Considered
I had to manually upload the certificate and perform multiple steps in order to perform mTLS successfully (as mentioned above).
Agent Investigation
No response
Checklist