[local-preview] Remove cert-manager dependency
#11412
Conversation
Pothulapati
force-pushed
the
tar/lp-cert-manager
branch
2 times, most recently
from
298a5c5 to
863b3d8
Compare
github-actions
bot
added
the
team: delivery
Pothulapati
added
do-not-merge/work-in-progress
and removed
team: delivery
This PR removes the dependency of `cert-manager` and thus reducing resource usage. This is replaced by the usage of `mkcert` instead Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
Pothulapati
force-pushed
the
tar/lp-cert-manager
branch
from
863b3d8 to
4a6d809
Compare
github-actions
bot
added
the
team: delivery
| cat "${HOME}"/.local/share/mkcert/rootCA.pem > "$FN_CACERT" | ||
| mkcert -cert-file "$FN_SSLCERT" \ | ||
| -key-file "$FN_SSLKEY" \ | ||
| "*.ws.${DOMAIN}" "*.${DOMAIN}" "${DOMAIN}" "reg.${DOMAIN}" "registry.default.svc.cluster.local" "gitpod.default" "ws-manager.default.svc" "ws-manager" "ws-manager-dev" "registry-facade" "server" "ws-manager-bridge" "ws-proxy" "ws-manager" "ws-daemon.default.svc" "ws-daemon" "wsdaemon" |
There was a problem hiding this comment.
Looks like this is enough, and we don't have to generate induvidual certs for each purpose.
|
I'm using the command |
|
Correct @mrsimonemms |
|
It's more a bit of branding than a problem, but is there any way we can make the certificate name be "Gitpod Local Preview" (or something similar)? (This in Firefox, but I guess it'll be the same everywhere)
|
|
/hold |
|
It's a valid question, and looks like there is no direct I just remembered I used https://github.com/smallstep/cli for similar tasks, and can try moving to that unless there is some concern using it. 🤔 cc: @lucasvaltl |
|
Let's do as a future PR I've removed my approval as cannot build image at moment. Investigating reasons |
|
So, I saw a similar image build error initially on this same change, but couldn't repro it. It could be a real issue. As this is just an improvement, I'd err on making sure if its a real problem or not before merging. @adrienthebo Can you also PTAL once? 👀 😄 |
|
I got a successful build when creating an environment against https://github.com/mrzarquon/gitpod-aws-toolkit (as that's where I'm doing most of my work right now). This should be good to go, but I'm running a test against gitpod-io/gitpod to see if I can reproduce the failure that you're seeing @mrsimonemms. |
|
I'm getting the same issue on both this PR and Remove the hold at-will |
|
Removing the hold, but will continue testing and raise a separate issue if its something that we might have to fix. /unhold |
Description
This PR removes the dependency of
cert-managerand thusreducing resource usage. This is replaced by the usage of
mkcertinstead.Each certificate is induvidually generated on those domains
and stored into specific files for
k3sto apply them whichis then used by Gitpod.
Signed-off-by: Tarun Pothulapati tarun@gitpod.io
Related Issue(s)
Part of #11303
How to test
Release Notes
Documentation
Werft options: