A Quick Note On Security
Epinio secures access to its API with TLS and basic authentication.
epinio login [URL] command after installation to save the necessary credentials
(user, password) and certificates. The information is stored in Epinio's settings,
for pickup by other Epinio commands.
For a trial deployment the certificate securing the API will be generated by the underlying cluster, and self-signed, and its CA certificate is stored in the settings to allow verification.
For a production-oriented deployment on the other hand, with a proper
domain specified (
--set global.domain=... when installing the chart),
the certificate can be obtained from Let's Encrypt. Nothing is stored in the
settings in that case, as Let's Encrypt is a known CA.
NOTE: Read more on how to use Let's Encrypt here: Certificate Issuers.
How Kubernetes accesses the Epinio registry (TLS or not) is handled a bit differently depending on installation flags. More details here: Epinio Registry.