search

SUSE / caasp-services

Layered Services on the SUSE Container-as-a-Service Platform
Apache License 2.0
25 stars 30 forks source link

How to create cert and key for all the internal hostnames #52

Closed mailzyok closed 6 years ago

mailzyok commented 6 years ago

Hi,

We want to use TLS for internal communication.

According the to comments in values.yaml, as below:

TLS configuration

the internal host names of the portus, registry and nginx service must be covered by the key/cert in order for TLS to work properly

User need to create key/cert covering internal hostnames of poruts, registry and nginx, Could you please provide a guide on how to create such kinds of key and cert. For example, the internal hostnames are: test-portus-nginx test-portus-portus test-portus-registry

is it one pair of key and cert which covers all the hostname, then how to create a cert which covers mulitpile hostnames?

If three pair of keys and certs are needed, how to fill the key and cert values in values.yaml?

Thanks, yzha

mailzyok commented 6 years ago

Problem solved. Please refer to https://github.com/kubic-project/caasp-services/tree/master/docs/portus/secure/README.md

yzha