Configuring Eclipse Che with self-signed certificate

By default chectl creates a Kubernetes Job to generate self-signed certificate to deploy Che with. This procedure describes how to configure a custom self-signed certificate on prior of deploying Che.

Prerequisites

An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.
Generated certificate and private key files.

Procedure

Pre-create a namespace for Che:
```
$ kubectl create namespace eclipse-che
```
Create a che-tls secret:
```
$ kubectl create secret tls che-tls \
--key <key_file> \ (1)
--cert <cert_file> \ (2)
-n eclipse-che
```
1 A file with the private key in PEM format

2 A file with the public key certificates in PEM format

Add the required labels to the secret:

$ kubectl label secret che-tls app.kubernetes.io/part-of=che.eclipse.org -n eclipse-che

Create a self-signed-certificate secret:

$ kubectl create secret generic self-signed-certificate \
--from-file=ca.crt=<certitifcate_chain_of_trust_file> \ (1)
-n eclipse-che

1	A file with certificate chain of trust in PEM format

Add the required labels to the secret:

$ kubectl label secret self-signed-certificate app.kubernetes.io/part-of=che.eclipse.org -n eclipse-che

Additional resources

Installing Che

1	A file with the private key in PEM format
2	A file with the public key certificates in PEM format