-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request for clarification on Certificates #18139
Comments
/cc @mmorhun |
Hello @gnoejuan. As of now Eclispe Che uses a separate TLS certificate to secure its ingresses in Kubernetes cluster. The requirements may vary depending on the cluster and/or Che settings. In general, there are two secrets: |
After double-checking the chectl server:deploy args, I assume changing Sounds like the easiest/fastest way to use a ClusterIssuer / Let'sEncrypt certificate is to have the certificate synced. |
It should be changed in case of Operator installer, otherwise it is a bug. |
I might have misread this, but a standard Since I was interested in a helm deployment and kubed doesn't appear to work with microk8s, my KISS solution is below:
|
Yes, it's true. I meant that default ingress controller already uses a commonly trusted certificate and BTW, I think, that soon it will be possible to avoid using of any secret in case of commonly trusted certificate. A bit of details: #18079 and #18259 |
Summary
According to chectl :
To provide own certificate for Kubernetes infrastructure, 'che-tls' secret with TLS certificate must be pre-created in the configured namespace.
How would I use a certificate deployed with a ClusterIssuer? Before I learned of ClusterIssuer(s), my research led me to: https://cert-manager.io/docs/faq/kubed/ to sync the certificate across namespaces.
Would I need to take the extra step to sync the default cluster certificate to the Che namespace?
Relevant information
The text was updated successfully, but these errors were encountered: