TT-9857 Only first certificate of certificate_secret_names is assigned to API
Freakazoid182 opened this issue · 2 comments
When defining multiple certificate_secret_names on an ApiDefinition it seems only the first one is actually assigned to the API by the operator.
Providing this in the ApiDefinition resource:
certificate_secret_names:
- cert1-secret
- cert2-secret
Results in an API with only the first certificate id:
"certificates" : [
"cert1-id"
]
Switching the order of certificate_secret_names will result in only cert2-id being assigned to the API
Expected Behavior
All certificates defined in certificate_secret_names should be assigned to the API
Current Behavior
Only the first entry in certificate_secret_names is assigned to the API. Both certificates are provisioned in Tyk though, and are visible on the dashboard under the Certificates menu.
Steps to Reproduce
- Provision at least 2 TLS certificates as Kubernetes secrets
- Assign both secrets to the certificate_secret_names on the ApiDefinition
- Note only 1 certificate id is assigned to the API
Context
A workaround we have now is to define the certificate ids directly on the certificates field on the ApiDefinition. This does require getting the certificates provisioned first using certificate_secret_names and then updating the definitions with the ids on the certificate field instead. When using certmanager to autorotate the certs/secrets, we then still have to manually update the certificates, because this changes the ids. This won't work nicely in the long term.
certificates:
- cert1-id
- cert2-id
Your Environment
- OS (e.g. Linux, macOS, Windows):
- OS version: Tyk Operator Container tykio/tyk-operator
- tyk-operator version/commit: v0.15.0
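An added check for the behavior reported above (not code from the issue or from tyk-operator): it derives the certificate id expected for each secret in certificate_secret_names and reports secrets whose certificate is not on the API, plus ids left stale after a rotation. It assumes a Tyk certificate id is the org id followed by the hex SHA-256 of the leaf certificate's DER bytes; the org id, PEM bodies and function names are constructed for illustration.

```python
import base64
import hashlib
import re

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def expected_cert_id(org_id, pem):
    """Assumed id scheme: org id + hex SHA-256 of the leaf certificate's DER."""
    block = _PEM_BLOCK.search(pem)  # first block only: tls.crt may hold a chain
    if block is None:
        raise ValueError("no CERTIFICATE block in PEM data")
    der = base64.b64decode("".join(block.group(1).split()))
    return org_id + hashlib.sha256(der).hexdigest()


def audit_api(org_id, secret_names, secrets, assigned_ids):
    """Compare certificate_secret_names with the API's "certificates" list.

    Returns (missing, stale): secret names whose certificate is not assigned,
    and assigned ids that match no declared secret (e.g. after a rotation).
    """
    expected = {n: expected_cert_id(org_id, secrets[n]) for n in secret_names}
    assigned = set(assigned_ids)
    missing = [n for n in secret_names if expected[n] not in assigned]
    known = set(expected.values())
    stale = [i for i in assigned_ids if i not in known]
    return missing, stale


def fake_pem(der):
    """Constructed sample input: wraps arbitrary bytes, not a real certificate."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


ORG_ID = "example-org-id"  # placeholder org id
SECRETS = {  # tls.crt contents keyed by secret name (constructed)
    "cert1-secret": fake_pem(b"constructed leaf 1"),
    "cert2-secret": fake_pem(b"constructed leaf 2") + fake_pem(b"constructed CA"),
}
DECLARED = ["cert1-secret", "cert2-secret"]

if __name__ == "__main__":
    # State from the report: only the first secret's certificate is on the API.
    on_api = [expected_cert_id(ORG_ID, SECRETS["cert1-secret"])]
    print(audit_api(ORG_ID, DECLARED, SECRETS, on_api))
```

In real use the secrets mapping would hold the decoded tls.crt of each Kubernetes secret and assigned_ids the "certificates" array of the API definition.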
@Freakazoid182 thank you for raising this one. This is definitely a missing feature of our controller.
As per comment here, only one secret is supported at the moment.
I'll create an internal ticket to keep track of this feature.
We welcome all PRs :) If you want to contribute, this doc https://github.com/TykTechnologies/tyk-operator/blob/master/CONTRIBUTING.md might be useful.
@buraksekili Thank you for the immediate response! 👍 Glad to hear this is now kept track of. I would greatly appreciate this being implemented.