Setting up SSL with self-signed certificates for DataHub Frontend in a local Kubernetes cluster

Original Slack Thread

<@U06TM7M40RK> I am running DataHub in a local K8s cluster. How would I enable SSL using self-signed certificates for DataHub Frontend for local development and configure for port 8443.

To enable SSL using self-signed certificates for DataHub Frontend in a local Kubernetes cluster, you can follow these steps:

1. Generate Self-Signed Certificates: Use OpenSSL to generate a self-signed certificate and key.

   openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=your-domain.com/O=your-domain.com"
   

2. Create Kubernetes Secrets: Store the generated certificates in a Kubernetes secret.

   kubectl create secret tls datahub-tls --key tls.key --cert tls.crt
   

3. Configure Ingress with SSL: Create an Ingress resource that uses the self-signed certificates and configure it to listen on port 8443.

   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: datahub-ingress
     annotations:
       nginx.ingress.kubernetes.io/ssl-redirect: "true"
       nginx.ingress.kubernetes.io/proxy-body-size: "0"
   spec:
     tls:
     - hosts:
       - your-domain.com
       secretName: datahub-tls
     rules:
     - host: your-domain.com
       http:
         paths:
         - path: /
           pathType: Prefix
           backend:
             service:
               name: datahub-frontend
               port:
                 number: 80
   

   Apply the Ingress resource:

   kubectl apply -f ingress.yaml
   

4. Enable SSL in DataHub Configuration: Modify your values.yaml file to enable SSL for DataHub components and configure the frontend to use port 8443.

   datahub:
     frontend:
       extraEnvs:
         - name: DATAHUB_FRONTEND_USE_SSL
           value: "true"
       service:
         port: 8443
   

5. Apply the Helm Chart: Deploy the changes using Helm.

   helm upgrade --install datahub datahub/datahub --values values.yaml
   

These steps are based on the instructions provided in the <Slack Slack Thread> and <https://cert-manager.io/docs/installation/kubernetes/|Cert-Manager Documentation>.

Would you like more detailed instructions or have any specific questions about these steps?

Sources:

• <Slack Slack Thread> 0 button 0 button Hint: Mention @runllm in the thread for followups.

Hi <@U06UR6TP4N6>, how did my answer work out for you? Need any more assistance? You can also tag <@U07FV3UHE4D> to let your fellow community members know you’re still looking for guidance.