Uploaded image for project: 'Red Hat Service Interconnect (Skupper)'
  1. Red Hat Service Interconnect (Skupper)
  2. SKUPPER-1317

Document the use of custom certs for site linking

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • 2.0.1
    • None
    • Documentation
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      The documentation to use custom certificates to link sites needs to be available on skupper.io. It would be good to show it when searching using search engines.

       

      The documentation at https://github.com/skupperproject/skupper-docs/blob/41176d9b226dc1adcad7b3057cc97afb617e8156/modules/kubernetes/pages/index.adoc  is great documentation. It would be good to see a picture of which link is using the certs. 

      The section talking about creating cert is good to follow without knowing what you are really doing (for people like me who don't understand certs). But, it would be good to see the section talk about how to ask your certificate/security department for certs, what types, how many (this document it seems talks about CA cert in ca directory and site cert in certificate directory), etc. I have never been able to explain to the person giving me a cert what I actually need from them. 

      Is skupper-console-certs created only if using certain parameters in skupper init? If yes, then it would be good to have a note somewhere.

      These sets of commands have an extra $      kubectl patch secret skupper-claims-server -p="{\"data\":{\"ca.crt\": \"$($ kubectl get secret skupper-site-ca -o json -o=jsonpath="

      {.data.tls\.crt}

      ")\"}}"

      The documentation on https://github.com/skupperproject/skupper-docs/blob/41176d9b226dc1adcad7b3057cc97afb617e8156/modules/kubernetes/pages/service-certs.adoc which talks about using certs between pods and skupper. This documentation would also make more sense if there was a diagram. There isn't much documentation out there talking about encrypting traffic between pod and skupper. So its very confusing why this is needed. 

       

       

       

              pwright@redhat.com Paul Wright
              nupadhya@redhat.com Niti Upadhyay
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: