A Quick Note On Security

Epinio secures access to its API with TLS and basic authentication.

Use the epinio login [URL] command after installation to save the necessary credentials (user, password) and certificates. The information is stored in Epinio's settings, for pickup by other Epinio commands.

For a trial deployment the certificate securing the API will be generated by the underlying cluster, and self-signed, and its CA certificate is stored in the settings to allow verification.

For a production-oriented deployment on the other hand, with a proper domain specified (--set global.domain=... when installing the chart), the certificate can be obtained from Let's Encrypt. Nothing is stored in the settings in that case, as Let's Encrypt is a known CA.

NOTE: Read more on how to use Let's Encrypt here: Certificate Issuers.

How Kubernetes accesses the Epinio registry (TLS or not) is handled a bit differently depending on installation flags. More details here: Epinio Registry.