New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS Docs #3012
Add TLS Docs #3012
Conversation
Thanks for this addition @dtomcej – It'd really help me a few months back when I was figuring out things. WDYT of adding one sentence on how to get started with obtaining trusted backend certs? A link to a help section or a tutorial would be ideal. |
@kachkaev I'm unsure if that would be wise, due to the fact that there are many different ways to get trusted certs, and they are environment specific. I am hesitant to suggest one method, as it anything specific that is suggested may be unsuitable for a large portion of users. |
Ideally, if you are managing the cluster, you could generate your own certs, and use the k8s CA to sign them (therefore making them trusted), but we can't assume that users have access to the cluster CA keys to sign with. There are also many users that use third party cert tools to handle this. @timoreimann thoughts? |
I agree that we need to be careful about what we recommend in our documentation. For instance, our Kubernetes guide is often misinterpreted as providing production-level advice despite several warnings and notes left for quite some time. We still have our awesome Traefik wiki list though where we could add community contributions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
trying to hold back the bot for some final styling improvements by @nmengin . |
What does this PR do?
Adds a note about how to enable TLS communication in k8s to backend pods.
Motivation
Resolves #3008
More