Another great question
When using the Native Scheduler, we had a way to spin up a fully installed instance with an SSL cert applied, a license uploaded, and the app installed and running. Is there a similar way to do this for KOTS?
For embedded installations, you can make use of the `kubectl kots` CLI that comes pre-baked on embedded installations. There’s an example in the automating existing cluster install documentation. For an embedded cluster, you can use the same command after the `curl https://k8s.kurl.sh/... | sudo bash` has completed. For embedded clusters, the namespace should always be `default` instead of `app-name` as in the example.
```bash
kubectl kots install $APP_NAME \
  --namespace default \
  --shared-password password \
  --license-file ./license.yaml \
  --config-values ./configvalues.yaml \
  --no-port-forward
```
The SSL certificate can be pre-loaded after the kURL install completes by patching the secret generated. Based on this handy thread, the easiest way to do this if you have the cert files `tls.crt` and `tls.key` handy is:
```bash
kubectl create secret generic kotsadm-tls \
  --save-config \
  --dry-run=client \
  --from-file=./tls.key --from-file=./tls.crt \
  -o yaml | \
  kubectl apply -f -
```
Although there are a few alternatives listed there as well if you, for example, have the cert and key available as base64 encoded environment variables instead of files.
Some other related documentation on this can be found in Uploading new TLS certs.
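For the case mentioned above where the cert and key arrive as base64-encoded environment variables, the following is an added example (not from the original post or the linked thread) that stages them with owner-only permissions, checks that the key matches the certificate, and then runs the same `kubectl` pipeline. The variable names `TLS_CRT_B64` and `TLS_KEY_B64` and the function names are assumptions, and `openssl` and `base64` are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example. TLS_CRT_B64 and TLS_KEY_B64 are assumed variable names that
# hold the base64-encoded certificate and private key.

# Decode a base64 value into a file that only the current user can read.
decode_to_file() {  # usage: decode_to_file <base64-value> <output-path>
  ( umask 077 && printf '%s' "$1" | base64 -d > "$2" )
}

# Succeed only if the private key matches the certificate's public key and
# the certificate does not expire within the next 24 hours.
check_pair() {  # usage: check_pair <tls.crt> <tls.key>
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || return 1
  openssl x509 -in "$1" -noout -checkend 86400 >/dev/null
}

# Stage the pair in a private temp dir, verify it, then apply the secret with
# the same kubectl pipeline as in the post. Nothing is applied on a mismatch.
apply_kotsadm_tls() {
  kots_tmp=$(mktemp -d) || return 1
  decode_to_file "$TLS_CRT_B64" "$kots_tmp/tls.crt" &&
    decode_to_file "$TLS_KEY_B64" "$kots_tmp/tls.key" &&
    check_pair "$kots_tmp/tls.crt" "$kots_tmp/tls.key" &&
    kubectl create secret generic kotsadm-tls \
      --save-config \
      --dry-run=client \
      --from-file="$kots_tmp/tls.key" --from-file="$kots_tmp/tls.crt" \
      -o yaml |
    kubectl apply -f -
  rc=$?
  rm -rf "$kots_tmp"  # do not leave the decoded private key on disk
  return "$rc"
}

# Run as: TLS_CRT_B64=... TLS_KEY_B64=... ./load-tls.sh --apply
if [ "${1:-}" = "--apply" ]; then
  apply_kotsadm_tls
fi
```

Passing the values through the environment keeps them out of the process argument list, and the temporary directory is removed whether or not the apply succeeds.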