search

yaohui-wyh / yaohui-wyh

1 stars 0 forks source link

article/2022/06/10/gitpod-self-host #2

Open utterances-bot opened 2 years ago

utterances-bot commented 2 years ago

Gitpod Self-hosted installation on Tencent Cloud

https://wyh.life/article/2022/06/10/gitpod-self-host

Learntotolearn commented 2 years ago

Hello, I have learned a lot from reading your documents. Now I have a problem about using certificates. Do I need to configure a certificate when using nginx? Do you need to configure ingress in k3s? I wonder if you can send the completed nginx configuration for reference?

yaohui-wyh commented 2 years ago

Hi @Learntotolearn

Do I need to configure a certificate when using nginx?

No, Nginx was only used to serve kots dashboard during installation, and it can be stopped once you finished the kots installation. And you don't need certs here. Unfortunately, my cluster has been destroyed for some time and I don't have the config anymore. But the Nginx part is not that complicated.

Do you need to configure ingress in k3s?

I didn't configure ingress, and there is a Gitpod component named proxy which serves all the inbound requests and TLS termination. However, I don't know if you need to configure ingress for some production-level setup.

Learntotolearn commented 2 years ago

Thank you for your reply. I understand. There is really a gitpod proxy process for port forwarding. After I fill in the correct certificate issuer in the installation of gitpod, gitpod can normally apply for a certificate. But I encountered another problem: after creating the workspace, jump to . Ws.xx COM domain name, it does not use the certificate of . Ws.xx.com, but uses the certificate of *. Xx.com. Do you have this problem?

yaohui-wyh commented 2 years ago

Thank you for your reply. I understand. There is really a gitpod proxy process for port forwarding. After I fill in the correct certificate issuer in the installation of gitpod, gitpod can normally apply for a certificate. But I encountered another problem: after creating the workspace, jump to . Ws.xx COM domain name, it does not use the certificate of . Ws.xx.com, but uses the certificate of *. Xx.com. Do you have this problem?

I don't have this problem. Maybe check the certs by k describe cert <my-crt> -n cert-manager and check the DNS names fields?

Learntotolearn commented 2 years ago

Hello, I checked it and it didn't seem to have any problems:


Spec:
&nbsp; Dns Names:
&nbsp; &nbsp; example.vip&nbsp; &nbsp;#I replaced the domain name
&nbsp; &nbsp; *.example.vip&nbsp; #I replaced the domain name
&nbsp; &nbsp; *.ws.example.vip&nbsp; #I replaced the domain name
&nbsp; Issuer Ref:
&nbsp; &nbsp; Kind:&nbsp; &nbsp; &nbsp; &nbsp;ClusterIssuer
&nbsp; &nbsp; Name:&nbsp; &nbsp; &nbsp; &nbsp;aliyun
&nbsp; Secret Name:&nbsp; https-certificates
&nbsp; Secret Template:
&nbsp; &nbsp; Labels:
&nbsp; &nbsp; &nbsp; App:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;gitpod
&nbsp; &nbsp; &nbsp; Component:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;gitpod-installer
&nbsp; &nbsp; &nbsp; kots.io/app-slug:&nbsp; gitpod
&nbsp; &nbsp; &nbsp; kots.io/backup:&nbsp; &nbsp; velero
Status:
&nbsp; Conditions:
&nbsp; &nbsp; Last Transition Time:&nbsp; 2022-08-31T05:02:00Z
&nbsp; &nbsp; Message:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Certificate is up to date and has not expired
&nbsp; &nbsp; Observed Generation:&nbsp; &nbsp;1
&nbsp; &nbsp; Reason:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Ready
&nbsp; &nbsp; Status:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; True
&nbsp; &nbsp; Type:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Ready
&nbsp; Not After:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2022-11-29T04:01:58Z
&nbsp; Not Before:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2022-08-31T04:01:59Z
&nbsp; Renewal Time:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2022-10-30T04:01:58Z
&nbsp; Revision:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1
Events:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <none&gt;

------------------ 原始邮件 ------------------ 发件人: "yaohui-wyh/yaohui-wyh" @.>; 发送时间: 2022年8月31日(星期三) 下午2:17 @.>; @.**@.>; 主题: Re: [yaohui-wyh/yaohui-wyh] article/2022/06/10/gitpod-self-host (Issue #2)

Thank you for your reply. I understand. There is really a gitpod proxy process for port forwarding. After I fill in the correct certificate issuer in the installation of gitpod, gitpod can normally apply for a certificate. But I encountered another problem: after creating the workspace, jump to . Ws.xx COM domain name, it does not use the certificate of . Ws.xx.com, but uses the certificate of *. Xx.com. Do you have this problem?

I don't have this problem. Maybe check the certs by k describe cert <my-crt> -n cert-manager and check the DNS names fields?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

Learntotolearn commented 2 years ago

Spec: Dns Names: example.vip #I replaced the domain name .example.vip #I replaced the domain name .ws.example.vip #I replaced the domain name Issuer Ref: Kind: ClusterIssuer Name: aliyun Secret Name: https-certificates Secret Template: Labels: App: gitpod Component: gitpod-installer kots.io/app-slug: gitpod kots.io/backup: velero Status: Conditions: Last Transition Time: 2022-08-31T05:02:00Z Message: Certificate is up to date and has not expired Observed Generation: 1 Reason: Ready Status: True Type: Ready Not After: 2022-11-29T04:01:58Z Not Before: 2022-08-31T04:01:59Z Renewal Time: 2022-10-30T04:01:58Z Revision: 1 Events: