Certificate Management for Multi-Tenant Applications on Qovery #569
Conversation
Guimove
force-pushed
the
doc/add_multitenant_certificats
branch
from
f724034 to
fe35ce4
Compare
Guimove
changed the title
Fix missing space
| bio = """\ | ||
| Charles-Edouard is Technical Account Manager at <a href=\"https://www.qovery.com\">Qovery</a>.\ | ||
| """ |
There was a problem hiding this comment.
Can you remove stuff about cegagnaire plz?
| * **Certificate generation failures**: If validation fails for one domain, it can prevent certificate generation for all domains | ||
| * **Deployment risks**: A single misconfigured domain can cause the entire deployment to fail | ||
| * **Privacy concerns**: Customers can see other tenants' domains when inspecting the SSL certificate | ||
| * **Certificate limits**: Let's Encrypt has rate limits that can be reached when managing many domains on a single certificate |
There was a problem hiding this comment.
Is it the opposite? meaning that we group together certificate requests for multiple domains into a single one to avoid rate limiting. Doing this setup actually increases the risk of being rate-limited (since we increase the number of certificate requests by x domains
|
|
||
| While not mandatory, creating separate environments helps maintain a clean separation between your core infrastructure and tenant-specific configurations. | ||
|
|
||
| 1. **Create an Infrastructure Environment** |
There was a problem hiding this comment.
I'd avoid using "Infrastructure" for this kind of application environment, it's a term that we never use in the documentation (it can be just "main environment")
|
|
||
| Navigate to Settings → Ports and add a port: | ||
|
|
||
| * Service name: Use the `QOVERY_CONTAINER_XXXXXXX_HOST_INTERNAL` value |
There was a problem hiding this comment.
-
As you said, the user should just create the service. As soon as he deploys it, it's impossible to set the service name since we fetch it from the same namespace where the helm is deployed. maybe add a message to say to not deploy it. Moreover, we have to be careful to take into account this kind of use case in the product since the namespace doesn't affect the service fetching mechanism (we could let the user first select the namespace and then the service to target)
-
which port shall the user configure? I suppose the same of the container deployed in the previous step
There was a problem hiding this comment.
on the left, it should be just "Single ingress" and not "Single Ingress Controller"? (it's one ingress controller also on the right
No description provided.