Skip to content
Snippets Groups Projects
Select Git revision
  • main default
  • migration
  • local-api-dev
  • feature_docker-compose
  • production
  • ver-1.4.0
  • ver-1.3.5
  • stable
  • ver-1.3.2
  • 1.4.1-rc2
  • 1.4.1-rc1
  • 1.4.0
  • v1.3.5-hf1
  • v1.3.5-hf1.1
  • 1.4.0-rc18
  • 1.4.0-rc17
  • 1.4.0-rc16
  • 1.4.0-rc15
  • 1.4.0-rc14
  • 1.4.0-rc13
  • 1.4.0-rc12
  • 1.4.0-rc11
  • 1.4.0-rc10
  • 1.4.0-rc9
  • 1.4.0-rc8
  • 1.4.0-rc2
  • 1.4.0-rc1
  • v1.3.5
  • v1.3.4
29 results
Blame Permalink
  • egon w. stemle's avatar
    d6a64be5
    Use kube-lego for TLS certs for clarin(-dev).eurac.edu · d6a64be5
    egon w. stemle authored 
    So far, we have used TLS certs from eurac's IT. Now, we (re-)use k8s
infrastructure (in particular the kube-lego add-on) and let kube-lego
- request/renew TLS certificates
- manage the certificate within a k8s secret
We then make this k8s secret available to our nginx and configure nginx
to use it.

We also got rid of internal TLS communication between ingress and the
apps avoiding the necessity to (re-)create valid/self-signed certs. The
overhead seemed unnecessary.

Note: using HTTP(!) over port 443 for internal communication (Shibboleth mishap)

Fix #62
    d6a64be5
    History
    Use kube-lego for TLS certs for clarin(-dev).eurac.edu
    egon w. stemle authored 
    So far, we have used TLS certs from eurac's IT. Now, we (re-)use k8s
infrastructure (in particular the kube-lego add-on) and let kube-lego
- request/renew TLS certificates
- manage the certificate within a k8s secret
We then make this k8s secret available to our nginx and configure nginx
to use it.

We also got rid of internal TLS communication between ingress and the
apps avoiding the necessity to (re-)create valid/self-signed certs. The
overhead seemed unnecessary.

Note: using HTTP(!) over port 443 for internal communication (Shibboleth mishap)

Fix #62