microsatellites with tls, multiple ports, and image update#12
microsatellites with tls, multiple ports, and image update#12justin-chizer wants to merge 5 commits into
Conversation
Increment chart version Run helm-docs to update README
AjohnsonLS
left a comment
There was a problem hiding this comment.
This looks great, and thank you for your additions!
|
This is currently failing to lint. I believe something in the deployments file introduced either some white space or one of the new values is being improperly indented. I'm investigating this currently, but welcome if you see anything obvious in that regard. |
I think I fixed the lint issue. Just waiting on the GHA to run. |
|
This approach is at odds with the way kubernets stores certificate secrets though, we're looking for a way on how we could concat the ca.crt and and tls.crt as cert-manager makes them into the expected bundle.pem |
|
to clarify my previous comment: What I’m saying is that the proposed solution is going against the standard way of handling certificates in kubernetes, namely, store them in a In this case it has some more annotations because of our use of cert-manager, but the tls type secret is a kubernetes standard. Kubernetes then allows to mount this secret on a directory, and expose the keys as files in that directory, keeping them updated as the secret is updated, by for instance cert-manager. Of course doing it like I propose would require changes on the microsatellite side, like:
but in the end it would mean a more automated deployment that wouldn't require a manual intervention to change the certificate secret and restart the deployment to pick it up. |
I made some changes to help align this chart to how we use microsatellites while following your docs.
Currently we have to use Kustomize along with Helm to deploy the chart and these changes would make that unnecessary. Please let me know if there is anything else I need to change.