Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add user guide for TLS ingress #6861
Add user guide for TLS ingress #6861
Changes from all commits
0d138a2
45da972
19d617e
daa8281
7f29a69
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this works, you could avoid fiddling with /etc/hosts by using one or both of the methods below:
--resolve
option, e.g.curl --resolve "nessie.local:443:$(minikube ip)" https://nessie.local/api/v2/config
nessie.$(minikube ip).nip.io
: such a host name will resolve to whatever IPminikube ip
indicates. E.g.ping nessie.$(minikube ip).nip.io PING nessie.192.168.49.2.nip.io (192.168.49.2): 56 data bytes 64 bytes from 192.168.49.2: icmp_seq=0 ttl=64 time=0.108 ms
Then you would use
nessie.192.168.49.2.nip.io
as the hostname for your certificates and ingress rules.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, but the certificate must have the exact host name, which is not known until we start / configure ingress... I guess that would create a chicken and egg problem. Even if adding the TLS cert after startup works, it might be too complex for a guide... WDYT?
Also, the java client still depends on OS-level host name resolution (although I did not put and example for it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I finally got this to work on macOS, so I'm approving the PR, but it required many changes:
This will detect the ingress rule and open ports for it:
$(minikube ip)
. So you need to change all the commands above, e.g.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@adutra : Could you update with Mac specifics after merging? I do not have a Mac to play with :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea, will do!