-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to specify TLS cert for this to work #38
Comments
What I tried so far: helm repo add cs3org https://cs3org.github.io/charts/
helm install my-reva cs3org/revad
kubectl get configMaps
-> you should see 'my-reva-revad-config' listed there
kubectl describe configmaps my-reva
-> you should see the config |
The cert I want to use is in /etc/letsencrypt/live/mesh.pondersource.org/ - maybe something like |
Hi @michielbdejong, you can take a look at the docs on https://developer.sciencemesh.io/docs/technical-documentation/iop/deployment/kubernetes/#configuring-an-iop-deployment. There's a TLS-terminated setup for the revad gateway ingress resource described in there. Let us know if something remains unclear from that documentation. cc/ @dagl |
Thanks! I was able to follow those instructions and import my LetsEncrypt cert into a Kubernetes secret. helm upgrade -i iop sciencemesh/iop --set-file gateway.configFiles.revad\\.toml=standalone.toml --set-file gateway.configFiles.users\\.json=users-cern.json --set-file gateway.configFiles.ocm-providers\\.json=providers.demo.json -f custom-ingress.yaml
Release "iop" does not exist. Installing it now.
Error: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "iop-gateway-grpc" namespace: "" from "": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "iop-gateway-http" namespace: "" from "": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"
ensure CRDs are installed first] |
Changing Compare: helm repo add cs3org https://cs3org.github.io/charts/ vs helm repo add sciencemesh https://sciencemesh.github.io/charts/ |
helm repo list
NAME URL
cs3org https://cs3org.github.io/charts/
sciencemesh https://sciencemesh.github.io/charts/ |
There seems to be a mismatch between |
@michielbdejong could you post the values of running the Which version of Kubernetes are you using? There's no mismatch between those two values. The |
@SamuAlfageme thanks! |
I think it is based on our side in Kubernetes because I could not expose even a simple project on port 80 on the internet. |
When using Minikube you can run |
Up to now we had https://mesh.pondersource.org/ running with revad listening directly to port 443, using this built-in TLS feature of revad.
But this helm chart doesn't seem to use it. Instead, it seems that we should be using some sort of ingress using the
ingress.services.{http,grpc}.tls
config that is mentioned in https://github.com/cs3org/charts/tree/master/revad#configuration ?I'm not very experienced with kubernetes and there is very little "Getting Started" info here.
I see the following sites all run revad with TLS on port 443:
How do they do it? Are there no docs about this?
The text was updated successfully, but these errors were encountered: