Applications that publish HTTP endpoints can be protected by TLS certificates. In the future, Acorn will provide built-in mechanisms to automatically provide certificates for each endpoint. Today, adding a certificate must follow the manual approach.
Manually adding certificates
Acorn will automatically look for SANs in secrets of type
kubernetes.io/tls for the
exposed FQDN of the application in the Acorn namespace.
Assume you are deploying an app and plan to host on
Add existing certificates using kubectl
Before launching the application pre-create a secret in the
acorn namespace containing the
certificate like so:
kubectl create secret tls my-app-tls-secret --cert=path/to/my-app-tls.cert --key=path/to/my-app-tls.key
Add with Cert-Manager
If you are already using Cert-Manager today, you can leverage it with Acorn right away. First you must create a certificate resource in the Acorn namespace:
kubectl apply -n acorn -f ./my-cert.yaml
Cert-Manager will create a certificate for
my-app.example.com and store it in a secret
Consume the secret
Once you have manually created the TLS secret using one of the methods above you can consume it in your application.
When you deploy the application Acorn, you can launch with the FQDN of your app.
acorn run -p my-app.example.com:web [MY_APP_IMAGE]
Acorn will automatically inspect each certificate in the Acorn namespace for one that can be used with
If no TLS secret is found with that FQDN, it will be exposed on HTTP only.