Is your feature request related to a problem? Please describe.
The current process for handling self-signed certificates in Routr operates from within the Docker images. This leads to a situation where services create their own self-signed certificates rather than reusing the same one. For example, if we create two instances of the StatefulSet EdgePort, each would create its own certificate.
Describe the solution you'd like
To facilitate the sharing of a self-signed certificate, we should leverage Kubernetes Secrets. Additionally, we should consider introducing a sidecar that checks if the secret exists and creates a new one if it doesn't.
Describe alternatives you've considered
Keep the existing process since it is not causing any issues at the moment.
Additional context
We should explore making this mechanism reusable for the Let's Encrypt implementation. Also, we might consider removing the self-signed certificate generation from individual services, given that we are shifting operations to a sidecar. This would result in a cleaner Docker image.
An exception would be the fonoster/routr:all-in-one image, which should continue to include certificate generation.
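
The check-then-create step proposed in this issue, sketched as an added example (not code from the issue or from the Routr project). It also covers two replicas starting at the same time; `SECRET_NAME`, `NAMESPACE`, `CERT_CN` and `RUN_AS_SIDECAR` are assumed names, not Routr settings.

```shell
#!/bin/sh
# Added example: reuse the shared TLS Secret if present, otherwise create it once.
# SECRET_NAME, NAMESPACE, CERT_CN and RUN_AS_SIDECAR are assumed names, not Routr settings.
SECRET_NAME="${SECRET_NAME:-routr-selfsigned-tls}"
NAMESPACE="${NAMESPACE:-default}"
CERT_CN="${CERT_CN:-routr.local}"

secret_exists() {
  kubectl -n "$NAMESPACE" get secret "$SECRET_NAME" >/dev/null 2>&1
}

# Write tls.key and tls.crt into directory $1; umask keeps the private key at 0600.
generate_cert() {
  (
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=$CERT_CN" \
      -keyout "$1/tls.key" -out "$1/tls.crt" >/dev/null 2>&1
  )
}

# Prints "reused" or "created"; returns non-zero if no Secret exists afterwards.
ensure_tls_secret() {
  if secret_exists; then
    echo "reused"
    return 0
  fi
  workdir="$(mktemp -d)" || return 1
  if generate_cert "$workdir" &&
     kubectl -n "$NAMESPACE" create secret tls "$SECRET_NAME" \
       --cert="$workdir/tls.crt" --key="$workdir/tls.key" >/dev/null 2>&1; then
    rm -rf "$workdir"
    echo "created"
    return 0
  fi
  rm -rf "$workdir"   # never leave the private key on the container filesystem
  # "create" is atomic in the API server: if another replica won the race,
  # our create fails with AlreadyExists and we fall back to the winner's Secret.
  if secret_exists; then
    echo "reused"
    return 0
  fi
  echo "could not create or find secret $SECRET_NAME" >&2
  return 1
}

if [ "${RUN_AS_SIDECAR:-0}" = "1" ]; then
  ensure_tls_secret
fi
```

The sidecar's service account needs only `get` and `create` on Secrets in its own namespace; the services then mount the Secret read-only instead of generating keys themselves.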