SSL
Self Signed Certificates
Issues with self-signed certificates can be resolved in 2 different ways:
- Add the self-signed certificate
- Disable TLS validation
Add the self-signed certificate
To mount the certificate in the pods:
- Create a secret containing the certificate

  kubectl create secret generic internal-ca --from-file=./cert.pem -n connections

  Where:
  - cert.pem is the name of your certificate file (this is also used below as the subPath in the volumeMounts section)
  - connections is the namespace where the Boards chart is installed (replace with your namespace)
- Mount the secret in each applicable deployment by adding the following volume & volumeMount to your existing values yaml, then redeploy the Boards helm chart.

  global:
    env:
      NODE_EXTRA_CA_CERTS: /etc/ssl/certs/internal-ca.pem
  core:
    volumes:
      - name: ssl-cert-vol
        secret:
          secretName: internal-ca
    volumeMounts:
      - name: ssl-cert-vol
        mountPath: /etc/ssl/certs/internal-ca.pem
        subPath: cert.pem
  user:
    volumes:
      - name: ssl-cert-vol
        secret:
          secretName: internal-ca
    volumeMounts:
      - name: ssl-cert-vol
        mountPath: /etc/ssl/certs/internal-ca.pem
        subPath: cert.pem
  provider:
    volumes:
      - name: ssl-cert-vol
        secret:
          secretName: internal-ca
    volumeMounts:
      - name: ssl-cert-vol
        mountPath: /etc/ssl/certs/internal-ca.pem
        subPath: cert.pem
  # if your email service is also using Self Signed Certificates
  events:
    volumes:
      - name: ssl-cert-vol
        secret:
          secretName: internal-ca
    volumeMounts:
      - name: ssl-cert-vol
        mountPath: /etc/ssl/certs/internal-ca.pem
        subPath: cert.pem
Disable TLS Validation
Warning
This is not recommended for production environments.
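You can add the environment variable NODE_TLS_REJECT_UNAUTHORIZED: '0'. Node.js then skips certificate verification for every outbound TLS connection the process makes, not only connections to the host with the self-signed certificate.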
This value is required in core, user & provider deployments (and possibly events depending on the email server configuration).
core:
  env:
    NODE_TLS_REJECT_UNAUTHORIZED: "0"
user:
  env:
    NODE_TLS_REJECT_UNAUTHORIZED: "0"
provider:
  env:
    NODE_TLS_REJECT_UNAUTHORIZED: "0"
# if required for your email server
events:
  env:
    NODE_TLS_REJECT_UNAUTHORIZED: "0"
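
A check covering both sections above, as an added example that is not part of the Boards chart or its documentation: it reports deployments where TLS validation is disabled and deployments where the path in NODE_EXTRA_CA_CERTS is not backed by a secret mount with a subPath. It assumes the values yaml has already been parsed into an object; the function name lintTlsValues and the sample object are hypothetical.

```javascript
// Added example (not part of the Boards chart): lint an already-parsed values
// object for the two settings described on this page. Names are hypothetical.
const REQUIRED = ['core', 'user', 'provider'];

function lintTlsValues(values) {
  const findings = [];
  const caPath = values.global?.env?.NODE_EXTRA_CA_CERTS;
  for (const name of ['global', ...REQUIRED, 'events']) {
    const section = values[name] || {};
    // Node.js skips certificate verification when this variable is "0".
    if (String(section.env?.NODE_TLS_REJECT_UNAUTHORIZED) === '0') {
      findings.push(`${name}: TLS validation disabled`);
    }
    if (name === 'global' || !caPath) continue;
    // events only needs the CA when the email server uses it.
    if (name === 'events' && !section.volumeMounts) continue;
    const mount = (section.volumeMounts || []).find((m) => m.mountPath === caPath);
    if (!mount) {
      findings.push(`${name}: nothing mounted at ${caPath}`);
      continue;
    }
    const volume = (section.volumes || []).find((v) => v.name === mount.name);
    if (!volume?.secret?.secretName) {
      findings.push(`${name}: mount ${mount.name} has no secret-backed volume`);
    }
    // Without subPath the secret is mounted as a directory, not a PEM file.
    if (!mount.subPath) {
      findings.push(`${name}: mount ${mount.name} has no subPath`);
    }
  }
  return findings;
}

// Constructed sample input, standing in for a parsed values yaml.
const caMount = { name: 'ssl-cert-vol', mountPath: '/etc/ssl/certs/internal-ca.pem', subPath: 'cert.pem' };
const caVolume = { name: 'ssl-cert-vol', secret: { secretName: 'internal-ca' } };
const sampleValues = {
  global: { env: { NODE_EXTRA_CA_CERTS: '/etc/ssl/certs/internal-ca.pem' } },
  core: { volumes: [caVolume], volumeMounts: [caMount] },
  user: { volumes: [caVolume], volumeMounts: [{ ...caMount, subPath: undefined }] },
  provider: { env: { NODE_TLS_REJECT_UNAUTHORIZED: '0' } },
};
console.log(lintTlsValues(sampleValues).join('\n'));
```

An empty result means every checked deployment mounts the CA file at the path Node.js is told to read and none of them has certificate verification switched off.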