Kubermatic Demo Mode without Certificates

I am currently stuck setting up Kubermatic Kubernetes Platform due to not having signed certificates and not being able to connect LetsEncyrpt (internal rules :woman_shrugging:). I am already working on that but with COVID everything is moving very very slow (Not that it was fast before the crisis but this is next level :grinning:). Is it possible to setup Kubermatic in an “insecure” Demo Mode?

I’d suggest to use DNS challenge of cert-manager if it’s not possible to receive direct HTTP calls from the outside world.

1 Like

Another alternative is to use self-signed certificates (the cert-manager can issue those) and then spreading the CA via the spec.auth.caBundle flag in the KubermaticConfiguration. This enables the Kubermatic API to talk with Dex using a custom certificate.

HTTPS is always mandatory, it’s not possible to reconfigure the Kubermatic stack to use plaintext HTTP.