Traefik¶
Custom TLS certificate¶
Creating the certificate¶
Lego is a command line tool for provisioning certificates for a domain. If you are trying to install QHub within an enterprise you may need to contact someone in IT to create the certificate and key-pair for you. Ensure that this certificate has all of the domains that QHub is running on. Lego supports multiple DNS providers. For this example we will assume Cloudflare as your DNS provider.
export CLOUDFLARE_DNS_API_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz
lego --email myemail@example.com --dns cloudflare --domains my.example.org run
Or alternatively for testing you can create a self-signed certificate. This should only be used for testing.
export QHUB_DOMAIN=github-actions.qhub.dev
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 \
-subj "/C=US/ST=Oregon/L=Portland/O=Quansight/OU=Org/CN=$QHUB_DOMAIN" \
-nodes
Adding certificate to kubernetes cluster as a secret¶
You can name the certificate anything you would like qhub-domain-certificate is only an example.
kubectl create secret tls qhub-domain-certificate -n dev \
--cert=cert.pem \
--key=key.pem
Using custom certificate in qhub-config.yaml¶
Once you have followed these steps make sure to modify the configuration to use the new certificate.
certificate:
type: existing
secret_name: qhub-domain-certificate