#298: Add support to TLS domains for dashboards #299
Conversation
|
IIUC the goal here is to have the dashboard traffic served to the user over TLS, is that correct? If so, I think an easier way would be to add TLS configuration support for both of the existing entrypoints (web and tcp). Then both the api and dashboard traffic could be served over TLS without the need for additional logic in the controller. I'm not sure how best to offer TLS configuration via the helm chart. Ideally we could support both self-provided certs as well as letsencrypt generated ones. I'd probably look at what the zero-to-jupyterhub-k8s helm chart offered for inspiration. Thoughts? |
|
Good point, I need to provide more context as to why I went for this implementation: I'm trying to bring dask gateway into the company I'm working for, and helm chart was useful to generate the initial yaml files, which then had to be tweaked quite a bit. Perhaps, once I get it all working I can contribute the additional extension points to helm charts to make it usable in highly controlled K8s environments. I managed to solve many issues (inc. securing the API) and this PR is one of the few remaining outstanding issues (still investigating some of the other ones). I chose the minimal change to reduce likely hood for breaking changes and nasty side effects. If there's a way to configure traefik endpoint with the settings in the PR (not certs/secrets!) and is external to the controller, please let me know, as that would reduce the need for this PR altogether. |
|
@jcrist , any push back or concerns about this targeted fix? |
See related issue: #298