This repository has been archived by the owner on Sep 16, 2023. It is now read-only.

[Feature Request] Mount certificates in Onyxia pods #39

kellian-cottart opened this issue Jun 15, 2022 · 0 comments
kellian-cottart commented Jun 15, 2022

Mount certificates in Onyxia pods

Issue

When using self-signed certificates without the proper authority, onyxia-api refuses to communicate with Keycloak, causing Onyxia to malfunction.

Workaround

In the Helm manifest, we can specify the following value to disable the problem, but it is only a workaround:

api:
  keycloak.disable-trust-manager: true

Possible Fix

One point of inspiration could come from the MinIO Operator tenant Helm chart, which allows a user to mount Kubernetes secrets inside the pods' list of certificates.

certificate:
    ## Use this field to provide a list of Secrets with external certificates. This can be used to configure
    ## TLS for MinIO Tenant pods.
    externalCACertSecret: [ ]

This would allow the needed certificates to be trusted by Onyxia, thus fixing the authority problem.
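
The approach requested above, sketched as an added example in plain Kubernetes (not part of the original issue and not taken from the Onyxia chart): a CA certificate held in a Secret is imported into a copy of the JVM trust store, so the API pod can validate Keycloak's certificate without `keycloak.disable-trust-manager: true`. It assumes onyxia-api runs on a JVM that uses the default trust store; the secret name, key name and both image names are placeholders.

```yaml
# Added example: plain Kubernetes, not taken from the Onyxia chart.
# Placeholders/assumptions: secret name "internal-ca" with key "ca.crt",
# both image names, and that JAVA_HOME is set in the init image.
# The secret can be created with:
#   kubectl create secret generic internal-ca --from-file=ca.crt=./ca.crt
apiVersion: v1
kind: Pod
metadata:
  name: onyxia-api-example
spec:
  volumes:
    - name: ca
      secret:
        secretName: internal-ca
    - name: truststore
      emptyDir: {}
  initContainers:
    - name: build-truststore
      image: jre-image-placeholder        # any image that ships keytool
      command: ["sh", "-c"]
      args:
        - |
          set -e
          # Start from the JVM's default CAs so public endpoints stay trusted.
          cat "$JAVA_HOME/lib/security/cacerts" > /ts/cacerts
          # Add only the private CA that signed the Keycloak certificate.
          keytool -importcert -noprompt -alias internal-ca \
            -file /ca/ca.crt -keystore /ts/cacerts -storepass changeit
      volumeMounts:
        - name: ca
          mountPath: /ca
          readOnly: true
        - name: truststore
          mountPath: /ts
  containers:
    - name: api
      image: onyxia-api-image-placeholder
      env:
        # Point the JVM at the extended trust store; certificate and
        # hostname validation stay enabled.
        - name: JAVA_TOOL_OPTIONS
          value: >-
            -Djavax.net.ssl.trustStore=/ts/cacerts
            -Djavax.net.ssl.trustStorePassword=changeit
      volumeMounts:
        - name: truststore
          mountPath: /ts
          readOnly: true
```

Only the CA certificate belongs in the Secret, never its private key; `changeit` is the default password of the JDK `cacerts` file and protects nothing by itself.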
