-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How do I use SSL while installing anycable using Helm #7
Comments
Hello! Yeah, apparently, this part of Helm chart isn't finished yet. However, we usually place anycable-go behind Ingress resource and let Ingress controller terminate SSL. Does this approach work for you? If you're using Let's Encrypt (and have cert-manager in your cluster) then place something like this in Helm values: fullNameOverride: anycable-go
ingress:
enable: true
path: /cable
acme:
hosts:
- your-app.example.com And then it will search for certificates in secret named
If you're using your own certificates, specify their contents in values like this: ingress:
enable: true
path: /cable
nonAcme:
hosts:
- names:
- your-app.example.com
secretName: your-app-tls-secret
tls: # Omit this part if you already have created your-app-tls-secret
crt: "Optional: Place PEM-encoded certificate chain here"
key: "Optional: Place PEM-encoded private key here" If you need to avoid Ingress or to terminate SSL in anycable-go itself, please tell us more about your use case |
Ingress is helpful but we are required to do an end-to-end TLS. I'll see if I can fix it and give you folks a PR. |
What certificates you're planning to use? Let's Encrypt, buy certificates in public CA, or issue in your own private CA? |
@adimania, please tell us more about your desired setup. Do you plan to use Ingress at all? What certificates you plan to use with Ingress (from public or your own private CA), with anycable? |
We don't use Ingress. We are using certificates issued by a public CA. |
Then you should be good with #8 (I have not tested it with encryption between Ingress and anycable-go yet) |
Released in v0.4.0 of Helm chart anycable-go |
I see that env.anycableSslKey and env.anycableSslCert exist but how do I get the certificate and the key inside the pod without modifying the deployment.yml template and adding a volume there?
The text was updated successfully, but these errors were encountered: