Custom TLS certificate#

Creating the certificate#

Lego is a command line tool for provisioning certificates for a domain. If you are trying to install QHub within an enterprise you may need to contact someone in IT to create the certificate and key-pair for you. Ensure that this certificate has all of the domains that QHub is running on. Lego supports multiple DNS providers. For this example we will assume Cloudflare as your DNS provider.

export CLOUDFLARE_DNS_API_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz
lego --email --dns cloudflare --domains run

Or alternatively for testing you can create a self-signed certificate. This should only be used for testing.

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 \
  -subj "/C=US/ST=Oregon/L=Portland/O=Quansight/OU=Org/CN=$QHUB_DOMAIN" \

Adding certificate to kubernetes cluster as a secret#

You can name the certificate anything you would like qhub-domain-certificate is only an example.

kubectl create secret tls qhub-domain-certificate -n dev \
  --cert=cert.pem \

Using custom certificate in qhub-config.yaml#

Once you have followed these steps make sure to modify the configuration to use the new certificate.

  type: existing
  secret_name: qhub-domain-certificate