SUSE / Portus

Authorization service and frontend for Docker registry (v2)
http://port.us.org/
Apache License 2.0

TLS certificate when deploying Portus on K8S #1930

Closed mailzyok closed 6 years ago

mailzyok commented 6 years ago

Description

We are trying to deploy Portus on K8S using the helm chart https://github.com/kubic-project/caasp-services/tree/master/contrib/helm-charts/portus

The non-TLS deployment works as expected, but we ran into a problem with the secured Portus deployment, that is to say, one where the internal communication between nginx, portus and registry all uses secured connections. According to the comment in values.yaml for the helm chart, "the internal host names of the portus, registry and nginx service must be covered by the key/cert in order for TLS to work properly". I don't know how to create a key/cert that can cover all the hostnames. According to the nginx conf, the hostnames are like below:

- test-portus-nginx
- test-portus-portus
- test-portus-registry

Is it possible to create a key/cert that covers all the hostnames? Or do we need to create three key/certs, one for each hostname?

Steps to reproduce

Deployment information

Deploy on K8S using helm chart https://github.com/kubic-project/caasp-services/tree/master/contrib/helm-charts/portus

Configuration: Portus version: 2.3.3

yzha
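A single certificate can cover several hostnames by listing each one as a DNS entry in its subjectAltName extension. The following is an added example, not taken from this thread or from the README linked in the reply: it builds one self-signed key/cert for the three service names quoted above and checks that each name matches. The function names, output file names and the choice of a self-signed certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one key/cert pair whose subjectAltName lists every
# internal service name. Function and file names are hypothetical.

# make_san_cert OUTDIR HOST [HOST...]
# Writes OUTDIR/tls.key and OUTDIR/tls.crt; the first HOST becomes the CN.
make_san_cert() {
    outdir=$1; shift
    mkdir -p "$outdir" || return 1
    cnf="$outdir/san.cnf"
    {
        printf '[req]\ndistinguished_name = dn\n'
        printf 'x509_extensions = v3\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$1"
        printf '[v3]\nsubjectAltName = @alt\n[alt]\n'
        i=1
        for h in "$@"; do
            # One DNS.N line per hostname the certificate must cover.
            printf 'DNS.%d = %s\n' "$i" "$h"
            i=$((i + 1))
        done
    } > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$cnf" -keyout "$outdir/tls.key" -out "$outdir/tls.crt" \
        2>/dev/null
}

# cert_covers CERT HOST: succeeds only if HOST matches the certificate.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Demo with the hostnames from the nginx conf quoted in the question.
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" test-portus-nginx test-portus-portus test-portus-registry
for h in test-portus-nginx test-portus-portus test-portus-registry; do
    cert_covers "$demo_dir/tls.crt" "$h" && echo "$h: covered"
done
```

Running `cert_covers` against an existing certificate is a quick way to confirm that every internal hostname is listed before handing the key/cert to the chart.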

mailzyok commented 6 years ago

Problem solved. Please refer to https://github.com/kubic-project/caasp-services/tree/master/docs/portus/secure/README.md

yzha