[GitHub] [openwhisk-deploy-kube] paul42 commented on issue #711: What is correct way to use self-signed certs in ow install?

[GitBox <gi...@apache.org>]

paul42 commented on issue #711:
URL: https://github.com/apache/openwhisk-deploy-kube/issues/711#issuecomment-966591560


   I'm doing more testing, but @style95 was able to help me in the openwhisk slack - 
   essentially you have to pass your `Chained Cert` which is the leaf cert and all the previous certs leading back to the CA to nginx
   ```
   whisk:
     auth:
       guest: newlyGeneratedetc:etc
       system: newlyGeneratedetc:etc
     ingress:
       apiHostName: <Domain with cert>
       apiHostPort: 443
       apiHostProto: https
       type: Standard
       domain: <Domain with cert>
       annotations:
         kubernetes.io/ingress.class: nginx
       tls:
         secretname: ow-tls
         create: false
         enabled: true
   invoker:
     kubernetes:
       replicaCount: 2
     containerFactory:
       impl: "kubernetes"
   k8s:
     persistence:
       enabled: true
       hasDefaultStorageClass: false
       explicitStorageClass: openebs-hostpath
   nginx:
     httpsNodePort: 31002
     certificate:
       external: true
       cert_file: ".crt that is same as domain and contains certs leading back to CA"
       key_file: ".key that is same as domain"
   ```
   I'm still testing to see what the right helm values are, but I'm able to do a `wsk action list` without the cert warning


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org