Replies: 1 comment 1 reply
-
|
Hey @WellyHong, did you try following the tutorial in this PR to generate your self signed certificates? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Hi @asafc , Not yet, I use privateKey/certificate which was generated before for our cluster ingressgateway tls credential. Should I follow the PR to generate new self-signed certificates? After setting opal-client env, log dispalys WARNING | OPAL client is configured to trust self-signed certificates, seems like it configure with self-signed certificate successfully. next step, I should configure opal-server relevant setting, right? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
We have deployed opal-server with helm chart, integrate istio service-mesh to our k8s and set ingressgateway with self-signed certificate.
In the same cluster, opal-clients connect to opal-server is perfect, but in the other cluster opal-client try connect to opal-server encounter problem as below:
e.g.
ClusterA: opal-server, opal-clientA
ClusterB: opal-clientB
opal-server <--- ws://opal-server.host.com/ws --- opal-clientA (ok)
opal-server <--- wss://opal-server.host.com/ws --- opal-clientB (fail)
I follow the guidance, set
OPAL_CLIENT_SELF_SIGNED_CERTIFICATES_ALLOWED=true OPAL_CLIENT_SSL_CONTEXT_TRUSTED_CA_FILE=/path/to/ca-public.crt, but it's still not working.Should I mounts the relative private key & certificate to opal-server container,
after that, how to run the command via k8s Deployment?
uvicorn opal_server.main:app --reload --port=7002 --ssl-keyfile=/path/to/localserver-private.key --ssl-certfile=/path/to/localserver-cert.crtBeta Was this translation helpful? Give feedback.
All reactions