Use Helm genSelfSignedCert function

Question

Use Helm genSelfSignedCert function

Opened this issue 6 months ago · 1 comments

bdalpe commented 6 months ago

Preflight Checklist

I could not find a solution in the existing issues, docs, nor discussions
I have joined the ZITADEL chat

Describe your problem

Continuing discussion from #189 by @eliobischof's request.

Describe your ideal solution

This would replace the init container with the use of the Helm genSelfSignedCert function for simple certificate management.

#212 (and by extension #207) should also be considered for extended certificate management.

I propose the chart should work in three ways:

No certificate is generated. (this is the default: selfSignedCert.enabled=false)
Setting selfSignedCert.enabled=true uses the genSelfSignedCert function to create a new self-signed certificates instead of using the alpine/openssl container initJob.
Specifying a new existingSecret value in the Helm chart causes Zitadel to use externally-managed certificates. (i.e. created by cert-manager)

Version

No response

App version

No response

Additional Context

No response

Answer 1 · 2024-12-13T23:51:40.000Z

Original author of the selfSignedCert functionality here.

What problem are you trying to solve? Are you strictly looking for the ability to use a cert-manager cert rather than the one generated using the existing initJob? Are you trying to rotate the cert generated by the initJob?

This will help me in determining the best way to solve the issue and then eventually create a PR for that.