In the past couple days @ramonh set out to dogfood the SCN deployment experience, and when he was attempting a full Kubernetes deployment in a local minikube, he ran into issues around the TLS deployment and the auto-generated TLS certificate. Getting this TLS challenge working on a cluster without a proper public IP was practically impossible (even with tools like ngrok).
As it turns out it is possible to disable TLS on the builder service by removing SCC_DOMAIN and replacing SCC_TLS_PORT with SCC_HTTP_PORT in the configuration generated by subo. After adjusting the loadBalancer's exposed ports it is possible to do SSL termination outside of the Kubernetes instance (e.g. with ngrok and minikube tunnel in the local case).
The environment variables used in these manifests (generated by subo from templates) to configure SCN don't seem to be documented anywhere, and besides highlighting the above use case we should also document all configuration options separately.
I will also file a separate issue in [subo](/suborbital/subo] to explore changing the templates and the defaults in the generated manifests.
In the past couple days @ramonh set out to dogfood the SCN deployment experience, and when he was attempting a full Kubernetes deployment in a local
minikube, he ran into issues around the TLS deployment and the auto-generated TLS certificate. Getting this TLS challenge working on a cluster without a proper public IP was practically impossible (even with tools like ngrok).As it turns out it is possible to disable TLS on the builder service by removing
SCC_DOMAINand replacingSCC_TLS_PORTwithSCC_HTTP_PORTin the configuration generated by subo. After adjusting the loadBalancer's exposed ports it is possible to do SSL termination outside of the Kubernetes instance (e.g. with ngrok andminikube tunnelin the local case).The environment variables used in these manifests (generated by subo from templates) to configure SCN don't seem to be documented anywhere, and besides highlighting the above use case we should also document all configuration options separately.
I will also file a separate issue in [subo](/suborbital/subo] to explore changing the templates and the defaults in the generated manifests.