Missing default self-signed certificates in helm deployment when using tlsOn=true

Question

Missing default self-signed certificates in helm deployment when using tlsOn=true

psanders opened this issue 10 months ago · comments

Describe the bug

When setting tlsOn=true using the official helm chart, the system does not default to self-signed certificates. This can lead to an insecure setup or the need for manual configurations that aren't explicitly documented.

To Reproduce

Steps to reproduce the behavior:

Install Routr using the official helm
Observe that the TLS configuration is not applied.
Also, observe that Edgeport issues the error "found at least one secure protocol which requires setting the .spec.securityContext"

Expected behavior

When apiserver.tlsOn=true:

The system should default to generating and using self-signed certificates for the APIServer.

When edgeport.transport.tls.enabled=true (Same applies for wss transport)

The system should default to generate and using self-signed certificates for the EdgePort.

There should be documentation available to guide users on how to manually create and add certificates.

Screenshots

NA

System information (please complete the following):

Environment: Helm + K8s

Additional context

We're already defaulting to self-signed certificates for the docker-compose deployment. We should be able to reuse some of that work.

Pedro Sanders · Answer 1 · Wed Aug 16 2023 20:57:01 GMT+0800 (China Standard Time)

I've updated the issue to cover only self-signed certificates. Supporting Let’s Encrypt is a bigger task and will be addressed in a separate issue.

wfzelle · Answer 2 · Wed Aug 16 2023 21:49:16 GMT+0800 (China Standard Time)

Sounds good.

Pedro Sanders · Answer 3 · Thu Aug 17 2023 07:07:31 GMT+0800 (China Standard Time)

We are all set here #213