@divolgin divolgin commented Oct 15, 2024

What this PR does / why we need it:

In addition to using a configmap to provide the SDK with a custom CA, this allows using a secret. Example values:

privateCASecret:
  name: additional-ca
  key: custom-ca.crt

This is a follow-up to #209

Which issue(s) this PR fixes:

Fixes https://app.shortcut.com/replicated/story/113584/can-t-reuse-existing-secret-for-custom-ca

Special notes for your reviewer:

Steps to reproduce

Does this PR introduce a user-facing change?

Adds support for specifying custom Certificate Authorities using a secret.

Does this PR require documentation?

replicatedhq/replicated-docs#2742
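
An added example, not part of this PR or the chart's code: a preflight check that an existing Secret referenced by `privateCASecret` holds only certificates under the chosen key, which matters when reusing a Secret that was created for another purpose. It assumes the Secret is available as JSON (for instance from `kubectl get secret additional-ca -o json`); the function names are hypothetical, and it inspects PEM framing only, not X.509 validity.

```python
import base64
import json
import re

# Matches one PEM block and captures its label, e.g. "CERTIFICATE".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+[A-Za-z0-9+/=\s]+?-----END \1-----")

def check_ca_secret(secret_json, name, key):
    """Return a list of problems; an empty list means the key looks usable."""
    secret = json.loads(secret_json)
    if secret.get("kind") != "Secret":
        return ["object is not a Secret"]
    problems = []
    if secret.get("metadata", {}).get("name") != name:
        problems.append(f"Secret name is not {name!r}")
    encoded = secret.get("data", {}).get(key)
    if encoded is None:
        return problems + [f"key {key!r} not present in Secret data"]
    try:
        pem = base64.b64decode(encoded, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return problems + [f"key {key!r} is not base64-encoded ASCII"]
    labels = PEM_BLOCK.findall(pem)
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    for label in labels:
        if label.endswith("PRIVATE KEY"):
            problems.append(f"{label} block found; expected certificates only")
    return problems

# Constructed sample data: placeholder bytes, not real certificates or keys.
def sample_pem(label, body=b"constructed placeholder bytes"):
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def sample_secret(name, key, pem):
    data = {key: base64.b64encode(pem.encode()).decode()}
    return json.dumps({"kind": "Secret", "metadata": {"name": name}, "data": data})

if __name__ == "__main__":
    ok = sample_secret("additional-ca", "custom-ca.crt", sample_pem("CERTIFICATE"))
    mixed = sample_secret("additional-ca", "custom-ca.crt",
                          sample_pem("CERTIFICATE") + sample_pem("PRIVATE KEY"))
    print(check_ca_secret(ok, "additional-ca", "custom-ca.crt"))
    print(check_ca_secret(mixed, "additional-ca", "custom-ca.crt"))
```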

ggguardian commented Oct 16, 2024

Nice job!
IMO it could be interesting to provide the CA directly in the values without relying on an existing ConfigMap/Secret though, as it is not something really sensitive.
A use case would be for a user to provide a CA file via KOTS config, and we could inject that value into the replicated Helm chart’s values, for example. What do you think?

I suggest adding the following parameter in values:

privateCA: |
    <certificate>

@divolgin

> Nice job! IMO it could be interesting to provide the CA directly in the values without relying on an existing ConfigMap/Secret though, as it is not something really sensitive. A use case would be for a user to provide a CA file via KOTS config, and we could inject that value into the replicated Helm chart’s values, for example. What do you think?
>
> I suggest adding the following parameter in values:
>
> privateCA: |
>     <certificate>

That makes sense. This behavior would need some parity with KOTS. I'm going to go ahead and merge this since this satisfies your requirements. Just to remind you that if you need anything, there is a Feature Request option on the support form.

@divolgin divolgin merged commit 317c7c4 into main Oct 16, 2024
11 checks passed
@divolgin divolgin deleted the divolgin/sc-113584/can-t-reuse-existing-secret-for-custom-ca branch October 16, 2024 16:27