Comments (8)
cornelius
commented on May 31, 2024
ROUTER_SSL_CERT and ROUTER_SSL_KEY are in the env block of values.yaml and settable in scf-config-values.yaml.
In a simple scenario with a single router cert and key, just use the "|" syntax to insert the value:
env:
ROUTER_SSL_CERT: |
-----BEGIN CERTIFICATE-----
MIIDhDCCAmwCAQEwDQYJKoZIhvcNAQELBQAwgYcxCzAJBgNVBAYTAkNBMQswCQYD
VQQIDAJCQzESMBAGA1UEBwwJVmFuY291dmVyMQ0wCwYDVQQKDARTVVNFMSMwIQYD
VQQLDBpDbG91ZCBBcHBsaWNhdGlvbiBQbGF0Zm9ybTEjMCEGCSqGSIb3DQEJARYU
dHJveS50b3BuaWtAc3VzZS5jb20wHhcNMTgwNTA0MjMwODM5WhcNMjgwMzEyMjMw
....more
q2bpczpk2GsHZvIs/AENar5dqQXt3OR5yZIyz8IULQfs3DEnlPcsZpm1Mvls5FZW
2I/wEUE4aaXbhOP5zGymo+DVCZwi9SG1q4n5mJ+k9cnXaxRo9rFRoIyVxJWxsbJR
PJu0lxpD/EOoFVntXk8AFZlWldGLh+XVArMYbAskkosH5FjyXnRUxs+HHovINNpr
1/NA0XckCbQiZDE0ta6rVrtAixkc5jqTjVIi5C0HhQUPbi37mtIHfXruwCbVgWZK
oZj+R6WSEfj5dHgYpZR2+160iNkhKIAl/btzOiX4gAZh9EnQOtPvaw==
-----END CERTIFICATE-----
ROUTER_SSL_KEY: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAxTJAsLA8CppqD98ZUIoDvYIZ+sWuKtk3kJGHI7+xX6yWhShF
oChMCldAN6qEP1EjV6GovFsMryF3Me9OAdBdL40gD/2AEpKs1mTqzaVSVemVMJDe
T3vbeEl3ViaZYhVFpeJ/cA1Hdqbd3rUCdgqzAvVDrl3bSBOmEVGCbCEtfQZ/hBWh
/Vwchptz6aRYcTcCiMWhEN69VOFbLEh/0CDZ6nyF51ABeqkJ01kpoXYIMrIDd74I
Y+suxVpuhOnVK5N+u2De2eD192hO5n0NPzAixDl5QzhadnRtGta1Dd0vHMt96awX
9aHYkKTEkewZXMEdWcut7xbQpznqw3efiOlg2QIDAQABAoIBAB7rdkE+IOv4slCy
....more
34omF1AcswsJOPNSfQ5Y/Hie0rRaROGRPG2XBaya1pD7lYpwRyvcaHDpb1rHRE/g
H/3u9QKBgCaEI+hd5k0xJO31WZ2oVPkGx4nJ4TaPBfIsWP74uo0Qxt3NzNdSVw4s
etUycYqNMTyFz3HZTU3hwiBApvPPW9mQZTui9y8DciP9v7QwbEQDNl4LWs1iHGQE
tkLPL2x14B52SH5/udt4BXLyX2QccdmNP2kw1KxIHPc8QY58nIl6
-----END RSA PRIVATE KEY-----
from doc-cap.
cornelius
commented on May 31, 2024
All certificates in CAP can be manually specified by using their respective secrets.* keys in the values YAML file, when installing or upgrading via Helm. We need to create a full and documented list of what keys are relevant here and how to set them.
from doc-cap.
troytop
commented on May 31, 2024
Also include instructions in this section on automatically generated secrets. The release notes state "To rotate secrets, increment the kube.secrets_generation_counter (immutable generated secrets will not be reset)." This will require some supporting information about why these secrets exist and what their lifecycle is.
from doc-cap.
btat
commented on May 31, 2024
Details of block in https://trello.com/c/nwPur5bq/71-deploy-custom-ssl-certs
from doc-cap.
btat
commented on May 31, 2024
Addressed by PR #153
from doc-cap.
btat
commented on May 31, 2024
Closing as PR #153 is merged.
from doc-cap.
troytop
commented on May 31, 2024
We need to verify that these instructions can be made to work with signed certificates from a real CA. Use letsencrypt to generate signed certificates.
The CF router and UAA endpoints both need to support this.
from doc-cap.
cjschroder
commented on May 31, 2024
Verifying certs sounds like a job for engineering.
from doc-cap.
Related Issues (20)
- [doc] 3.2 Important Changes
- [doc] 4.5 Deployment Configuration HOT 1
- [doc] 4.12 Add the Kubernetes Charts Repository HOT 2
- [doc] 4.13.2 Deploy KubeCF
- Unify usage of SUSE vs SUSE® HOT 2
- [doc] 8.1 Deploy Stratos on SUSE® CaaS Platform HOT 1
- [doc] Figure 8.3: Stratos UI Cloud Foundry Console HOT 1
- [doc] Figure 8.5: Stratos UI Cloud Foundry Console HOT 1
- [doc] Figure 8.7: Stratos UI Cloud Foundry Console HOT 1
- [doc] 8.6.2 Install Stratos Metrics with Helm
- CaaSP 4.x settings for a better tuned CAP HOT 14
- 3.1 README First
- 4.6.2 - Remove unnecessary note
- Link to terraform templates for 2.1 deployment HOT 2
- Add xml:id to all tags that should have them
- [doc] 20.1.2 Setting Up the Environment for Minibroker Usage
- [doc] 10.2 Mirror Images to Registry
- [doc] 6.6 Stratos Metrics
- [doc] 19.2 Enabling and Disabling the App-AutoScaler Service HOT 1
- [doc] 23.3 Using the App-AutoScaler Service
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from doc-cap.