A Quick Note On Security
Epinio secures access to its API with TLS and basic authentication.
epinio settings update command after installation to extract and save the necessary credentials
(user, password) and certificates. The information is stored in Epinio's settings,
for pickup by other Epinio commands.
For a trial deployment the certificate securing the API will be generated by the underlying cluster, and self-signed, and its CA certificate is stored in the settings to allow verification.
For a production-oriented deployment on the other hand, with a proper
domain specified (
--set global.domain=... when installing the chart),
the certificate can be obtained from Let's Encrypt. Nothing is stored in the
settings in that case, as Let's Encrypt is a known CA.
NOTE: Read more on how to use Let's Encrypt here: Certificate Issuers.
How Kubernetes accesses the Epinio registry (TLS or not) is handled a bit differently depending on installation flags. More details here: Epinio Registry.