Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Helm genSelfSignedCert function #213

Open
1 of 2 tasks
bdalpe opened this issue Jun 17, 2024 · 1 comment
Open
1 of 2 tasks

Use Helm genSelfSignedCert function #213

bdalpe opened this issue Jun 17, 2024 · 1 comment
Labels
devops enhancement New feature or request

Comments

@bdalpe
Copy link

bdalpe commented Jun 17, 2024

Preflight Checklist

  • I could not find a solution in the existing issues, docs, nor discussions
  • I have joined the ZITADEL chat

Describe your problem

Continuing discussion from #189 by @eliobischof's request.

Describe your ideal solution

This would replace the init container with the use of the Helm genSelfSignedCert function for simple certificate management.

#212 (and by extension #207) should also be considered for extended certificate management.

I propose the chart should work in three ways:

  1. No certificate is generated. (this is the default: selfSignedCert.enabled=false)
  2. Setting selfSignedCert.enabled=true uses the genSelfSignedCert function to create a new self-signed certificates instead of using the alpine/openssl container initJob.
  3. Specifying a new existingSecret value in the Helm chart causes Zitadel to use externally-managed certificates. (i.e. created by cert-manager)

Version

No response

App version

No response

Additional Context

No response

@bdalpe bdalpe added the enhancement New feature or request label Jun 17, 2024
@bdalpe bdalpe changed the title Use Helm genSelfSignedCert function to Use Helm genSelfSignedCert function Jun 17, 2024
@hifabienne hifabienne moved this to 🧐 Investigating in Product Management Jun 18, 2024
@eliobischof eliobischof moved this from 🧐 Investigating to 📨 Product Backlog in Product Management Sep 26, 2024
@PurseChicken
Copy link
Contributor

PurseChicken commented Dec 13, 2024

Original author of the selfSignedCert functionality here.

What problem are you trying to solve? Are you strictly looking for the ability to use a cert-manager cert rather than the one generated using the existing initJob? Are you trying to rotate the cert generated by the initJob?

This will help me in determining the best way to solve the issue and then eventually create a PR for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
devops enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants