Evaluate migration of self-signed certificate process to a sidecar #215

Open
psanders opened this issue Aug 16, 2023 · 0 comments
psanders commented Aug 16, 2023

Is your feature request related to a problem? Please describe.

The current process for handling self-signed certificates in Routr operates from within the Docker images. This leads to a situation where services create their own self-signed certificates rather than reusing the same one. For example, if we create two instances of the StatefulSet EdgePort, each would create its own certificate.

Describe the solution you'd like

To facilitate the sharing of a self-signed certificate, we should leverage Kubernetes Secrets. Additionally, we should consider introducing a sidecar that checks if the secret exists and creates a new one if it doesn't.

Describe alternatives you've considered

Keep the existing process since it is not causing any issues at the moment.

Additional context

We should explore making this mechanism reusable for the Let's Encrypt implementation. Also, we might consider removing the self-signed certificate generation from individual services, given that we are shifting operations to a sidecar. This would result in a cleaner Docker image.

An exception would be the fonoster/routr:all-in-one image, which should continue to include certificate generation.

@polar-sh polar-sh bot added the polar label Nov 17, 2023
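
The check-and-create step proposed in this issue, as an added example that is not part of the issue or the Routr code base. The secret name, namespace, certificate subject and the `--run` argument are assumptions, and the pod's ServiceAccount is assumed to have get and create rights on Secrets. The create call doubles as the lock, so a replica that loses the race reuses the winner's certificate instead of generating its own.

```shell
#!/bin/sh
# Added example, not Routr code. All names and defaults below are assumptions.
SECRET_NAME="${SECRET_NAME:-routr-selfsigned-tls}"
NAMESPACE="${NAMESPACE:-default}"
CERT_CN="${CERT_CN:-routr.local}"
CERT_DAYS="${CERT_DAYS:-365}"

secret_exists() {
  kubectl -n "$NAMESPACE" get secret "$SECRET_NAME" >/dev/null 2>&1
}

# Write tls.key and tls.crt into directory $1; umask keeps the key owner-only.
generate_cert() (
  umask 077
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
    -days "$CERT_DAYS" -subj "/CN=$CERT_CN" \
    -keyout "$1/tls.key" -out "$1/tls.crt" >/dev/null 2>&1
)

# Prints "reused", "created" or "failed"; non-zero status only on "failed".
ensure_shared_cert() {
  if secret_exists; then
    echo reused
    return 0
  fi
  workdir=$(mktemp -d) || { echo failed; return 1; }
  # "create" fails if the Secret already exists, so only one replica wins.
  if generate_cert "$workdir" &&
     kubectl -n "$NAMESPACE" create secret tls "$SECRET_NAME" \
       --cert="$workdir/tls.crt" --key="$workdir/tls.key" >/dev/null 2>&1
  then
    result=created
  elif secret_exists; then
    result=reused   # another replica created it between our check and create
  else
    result=failed
  fi
  rm -rf "$workdir"   # the private key does not stay on the sidecar's disk
  echo "$result"
  [ "$result" != failed ]
}

# Container entry point: run only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
  ensure_shared_cert
fi
```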