-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
experimental excision of cert-manager #509
Conversation
enable disabling of CM Certificate resources conversely inject Secret resources normally generated by CM. plus values.yaml parameters to configure these secrets
It seems we have to update also the app chart, this is shown when deploying app:
|
See my notes at epinio/epinio#2476 (comment) |
I did a mistake originally and created an annotation instead of a label for This is the tls secret I've created in apiVersion: v1
data:
ca.crt: LS0tLS1CRUd...
tls.crt: LS0tLS1CRUd...
tls.key: LS0tLS1CRUd...
kind: Secret
metadata:
labels:
epinio.io/routing: any-value-allowed
name: sample-app-tls
namespace: workspace
type: kubernetes.io/tls |
Notes:
certManager:
enabled: false
s3:
ca: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
registry:
ca: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
epinio:
ca: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY----- |
Test report:
$ cat values.yaml
certManager:
enabled: false
s3:
ca: |
cert: |
key: |
registry:
...
epinio:
...
$ helm upgrade --install epinio --namespace epinio chart/epinio --set global.domain=1.2.3.4.nip.io --create-namespace --values ./values.yaml
helm upgrade --install epinio --namespace epinio chart/epinio --set global.domain=1.2.3.4.nip.io --create-namespace In both cases I also successfully deployed a sample php app and the route was reachable. I just had to create the "Routing secret" when using custom certificates without CM. |
Verified in |
Ref epinio/epinio#2476
main PR: epinio/epinio#2681
Enable disabling of CM
Certificate
resources.Conversely inject
Secret
resources normally generated by CM.Plus
values.yaml
parameters to configure these secrets.