SSL Certificates

By default SSL for peatio created by LetsEncrypt.

OPEX platform uses kube-lego for automatic SSL certificates generation.

#Custom SSL Certificates

If user have custom SSL certificates:

Go to peatio helm chart and remove

$> $EDITOR config/charts/peatio/templates/ingress.yaml

Remove extra row from annotations

kubernetes.io/tls-acme: "true"

Now annotations should look like this:

  nginx.org/websocket-services: {{ template "fullname" . }}-ws
  kubernetes.io/ingress.class: nginx

If peatio has been deployed, it already generate SSL certificates for it.

Check if those kubernetes secrets exist

$> kubectl get secret peatio-tls -oyaml

If they exist, let's remove those kubernetes secrets

$> kubectl delete secret peatio-tls

Now it's time to remove peatio deployment

$> helm delete --purge peatio

Create file paetio-tls.yaml and put your certs in this file with following structure

apiVersion: v1
kind: Secret
  name: peatio-tls
  namespace: default
type: kubernetes.io/tls
  tls.crt: ~ # Here should be base64 encoded value.
  tls.key: ~ # Here should be base64 encoded value.
$> kubectl apply -f paetio-tls.yaml

Deploy peatio

$> ./bin/peatio_app_up.sh

That's it!

For more information:

  1. http://software.danielwatrous.com/generate-tls-secret-for-kubernetes/

  2. https://kubernetes.io/docs/concepts/services-networking/ingress/#tls