This feature is used to encrypt all cloud service endpoints (both public and private) using TLS certificates obtained from an external provider. It does this by interfacing with the existing Traefik instances in the cloud. A Traefik instance is associated with either public or private cloud traffic.
Note: TLS CA is currently the only way to enable TLS in MicroStack.
Enable TLS CA
To enable TLS, you’ll need to provide information that identifies your chosen Certificate Authority. Do this by specifying a CA certificate and its CA certificate chain.
Run the following command to enable TLS for public endpoints:
sunbeam enable tls ca --ca <base64 encoded ca certificate> --ca-chain <base64 encoded ca chain>
To enable TLS for public, internal and rgw endpoints, be explicit by using the --endpoint
option:
sunbeam enable tls ca --ca <base64 encoded ca certificate> --ca-chain <base64 encoded ca chain> --endpoint public --endpoint internal --endpoint rgw
Disable TLS CA
To disable TLS in the cloud, run the following command:
sunbeam disable tls ca
All services will work as if TLS was never enabled.
Use TLS CA
TLS certificates must now be provided to the Traefik units. This is covered on the Implement TLS using a third-party CA page.