Configuring Eclipse Che with self-signed certificate
By default chectl creates a Kubernetes Job to generate self-signed certificate to deploy Che with.
This procedure describes how to configure a custom self-signed certificate on prior of deploying Che.
Prerequisites
- 
An active kubectlsession with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.
- 
Generated certificate and private key files. 
Procedure
- 
Pre-create a namespace for Che: $ kubectl create namespace eclipse-che 
- 
Create a che-tlssecret:$ kubectl create secret tls che-tls \ --key <key_file> \ (1) --cert <cert_file> \ (2) -n eclipse-che 1 A file with the private key in PEM format 2 A file with the public key certificates in PEM format 
- 
Add the required labels to the secret: $ kubectl label secret che-tls app.kubernetes.io/part-of=che.eclipse.org -n eclipse-che 
- 
Create a self-signed-certificatesecret:$ kubectl create secret generic self-signed-certificate \ --from-file=ca.crt=<certitifcate_chain_of_trust_file> \ (1) -n eclipse-che 1 A file with certificate chain of trust in PEM format 
- 
Add the required labels to the secret: $ kubectl label secret self-signed-certificate app.kubernetes.io/part-of=che.eclipse.org -n eclipse-che 
Additional resources