Comments (7)
Updating the Certificate on VEBA
The default certificates for OpenFaaS (/ui) or the EventBridge (/stats) and the other web endpoints running on VEBA are self-signed. This might cause browsers to show the certificate as untrusted and would require you to specify the --no-tls-verify flag when working with faas-cli. We understand that this may be an inconvenience or unacceptable to some of our customers.
In order to update the certificates with a certificate from a trusted authority, please follow the steps outlined below:
Assumptions
- Access to the VEBA
- Certificates from a trusted authority
- The public/private key pair must exist beforehand. The public key certificate must be .PEM encoded and match the given private key.
Steps
- Run the below commands to update the certificate on VEBA
```bash
cd /folder/certs/location
CERT_NAME=eventrouter-tls
KEY_FILE=vebaof.pem
CERT_FILE=vebaof.cer
# recreate the tls secret
kubectl --kubeconfig /root/.kube/config -n vmware delete secret "${CERT_NAME}"
kubectl --kubeconfig /root/.kube/config -n vmware create secret tls "${CERT_NAME}" --key "${KEY_FILE}" --cert "${CERT_FILE}"
# reapply the config to take the new certificate
kubectl --kubeconfig /root/.kube/config apply -f /root/ingressroute-gateway.yaml
```
This video shows the steps being run on a lab environment and successfully updating the certs for a VEBA setup with OpenFaaS - https://youtu.be/7oMCvxvL2ns
from vcenter-event-broker-appliance.
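A pre-flight check for the steps in the comment above, added here as an example and not part of the original comment or the VEBA project. Because those steps delete the existing secret before creating the new one, it is worth confirming first that the certificate is PEM encoded, matches the private key and is not about to expire. The function name `check_tls_pair` is hypothetical, and the example assumes `openssl` is installed where the commands are run.

```shell
#!/usr/bin/env bash
# Added example (not from the VEBA project): validate a certificate/key pair
# before the existing TLS secret is deleted and recreated.
# check_tls_pair CERT KEY -> returns 0 only if every check passes.
check_tls_pair() {
  local cert="$1" key="$2" cert_pub key_pub

  # 1. The certificate must be PEM encoded, as the assumptions above require.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
    echo "ERROR: $cert is not PEM encoded" >&2; return 1; }

  # 2. Extract the public key embedded in the certificate.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "ERROR: cannot parse certificate $cert" >&2; return 1; }

  # 3. Derive the public key from the private key. The empty -passin makes
  #    a passphrase-protected key fail here instead of prompting.
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
    echo "ERROR: cannot read private key $key (encrypted or malformed?)" >&2
    return 1; }

  # 4. Both public keys must be identical, otherwise the pair does not match.
  [ "$cert_pub" = "$key_pub" ] || {
    echo "ERROR: $cert does not match $key" >&2; return 1; }

  # 5. Reject a certificate that is expired or expires within 24 hours.
  openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null || {
    echo "ERROR: $cert is expired or expires within 24h" >&2; return 1; }
}

# Usage with the variable names from the steps above:
#   check_tls_pair "$CERT_FILE" "$KEY_FILE" || exit 1
#   ...then run the kubectl delete/create/apply commands.
```

Run the check from the directory holding the files, and only continue to the `kubectl delete secret` step when it returns 0.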
Thanks for the feedback. Regarding custom certificates, this certainly makes sense, especially from a security point of view and not having to disable TLS checking when deploying functions.
Having said that, this is currently a Fling, and we have a finite amount of resources and have to prioritize where we spend our time to ensure we get feedback on the overall solution. Is not having the ability to deploy your own custom certificates a blocker from trying out VEBA or is this more of an ask for Production deployment? We can certainly investigate into #1 to see if it's possible to update the certificates post-deployment (@embano1 to comment) but wanted to understand if this is completely blocking you from trying out VEBA (which we recommend doing so in a development environment).
Awesome Aaron, let us know how testing goes in your lab! I'd also like to mention we've got a temp Product Manager for VEBA. If you'd like to have a more in-depth conversation on the things you'd like to see (if) VEBA gets productized, we'd certainly welcome the feedback as well as anything else you see from the current Fling to make it more usable. Just let me know and we can connect offline.
Aaron, I'm the PM for VEBA and I'd be happy to discuss VEBA, documentation needs and functions that you are looking to take advantage of or develop yourself. Let me know and I'm happy to jump on a call.
This has been addressed with the documentation on - https://vmweventbroker.io/kb/advanced-certificates. @meyeaard let us know if we are good to close this issue.