Commit efa6b06f authored by Geert-Johan Riemer's avatar Geert-Johan Riemer

docs: Add production.md

parent a9c9a73c
Pipeline #53685737 passed with stages
in 14 minutes and 3 seconds
---
title: "Production environment"
description: ""
weight: 20
menu:
docs:
parent: "further-reading"
---
## Introduction
To make use of the NLX production environment you will need verified and signed certificates. This page describes the production environment and how to obtain certificates.
## Preprod vs prod
Both preprod and prod run the same version of NLX components. Both environments have a closed CA PKI, which means you'll need to obtain certificates through a manual verification process.
The preprod environment is meant for testing the production setup, before it actually moves to production. The preprod environment has a closed CA, but should not be used with real-life data.
The prod environment is where the actual production processes communicate. Services present real data and all logs are kept for accountability. The prod environment should never be used for testing.
Note that the preprod and prod environments are not stable yet in the sense that there will be breaking changes and required upgrades as we improve on things like TLS, protocols, discovery, proxying, etc.
## Obtaining a certificate
If you require a certificate for preprod and/or prod, please send a mail to support@nlx.io, we'll help you getting started with the manual verification process from there.
# pki
This document how the initial NLX pki is configured. This component does not contain any secrets.
This document describes how the initial NLX pki is configured. This component does not contain any secrets.
## Introduction
......@@ -97,7 +97,7 @@ env=preprod echo '{"hosts": ["'${env}'.nlx.io"], "key": {"algo": "rsa", "size":
cfssljson -bare ca
```
Sign a certificate for the directory compoments, run for all components that need a cert.
Sign a certificate for the directory components, run for all components that need a cert.
```bash
env=preprod
......@@ -128,7 +128,7 @@ kubectl -n ${namespace} create secret generic certs-${component} \
--from-file=./ca.pem
```
Create a key and certificate for an external party, run:
To create a key and certificate for an external party, run:
```bash
certDomain=< the domain of the inway/outway that needs a cert >
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment