Certificates¶
To enable HTTPS on the Renku website you need valid certificates for the ingress.
This can be achieved by either deploying a certificate issuer like LetsEncrypt or creating certificates manually and inserting them as Kubernetes secrets.
LetsEncrypt¶
If you have installed Helm you can deploy LetsEncrypt.
The following are steps to install LetsEncrypt using Helm. To run the following commands you can use the cert-manager-values.yaml and cert-manager-issuer.yaml files. Make sure to edit the cert-manager-issuer.yaml file and fill in the correct email field.
$ helm install cert-manager jetstack/cert-manager -f helm-installs/cert-manager-values.yaml --namespace kube-system
$ kubectl apply -f manifests/cert-manager-issuer.yaml
Now you can check that certificates can be issued automatically using a test deployment. For more information, please check LetsEncrypt cert-manager Helm documentation
Generate manually¶
You can also use an SSL certificate issued by another certificate authority.
Add the mentioned certificate as a secret to the renku
namespace.
$ kubectl -n renku create secret tls renku-tls --cert=certificate.crt --key=certificate.key
If GitLab is deployed as part of Renku you also need a certificate for the registry, this can be included in the .crt
file.