Missing default self-signed certificates in helm deployment when using tlsOn=true
psanders opened this issue · comments
Describe the bug
When setting tlsOn=true using the official helm chart, the system does not default to self-signed certificates. This can lead to an insecure setup or the need for manual configurations that aren't explicitly documented.
To Reproduce
Steps to reproduce the behavior:
- Install Routr using the official helm
- Observe that the TLS configuration is not applied.
- Also, observe that Edgeport issues the error "found at least one secure protocol which requires setting the .spec.securityContext"
Expected behavior
When apiserver.tlsOn=true:
The system should default to generating and using self-signed certificates for the APIServer.
When edgeport.transport.tls.enabled=true (Same applies for wss transport):
The system should default to generating and using self-signed certificates for the EdgePort.
There should be documentation available to guide users on how to manually create and add certificates.
Screenshots
NA
System information (please complete the following):
Environment: Helm + K8s
Additional context
We're already defaulting to self-signed certificates for the docker-compose deployment. We should be able to reuse some of that work.
I've updated the issue to cover only self-signed certificates. Supporting Let’s Encrypt is a bigger task and will be addressed in a separate issue.
Sounds good.
We are all set here #213