docker-selenium icon indicating copy to clipboard operation
docker-selenium copied to clipboard

Published 20 hours ago • verified publisher icon SeleniumHQ

[🚀 Feature]: Manage TLS Certificate Externally

Open declan-fitzpatrick opened this issue 1 year ago • 1 comments

Feature and motivation

The tls-cert-secret.yaml has limited functionality.

It only allows self signed cert generation if ingress is enabled, and tls is disabled. Alternatively, you have to pass the values of the certificate in as non-base64 literals, which causes an issue with the selenium.jks binary.

Ideally, the helm chart would allow you to manage the secret yourself, and pass the name into a value like .Values.tls.existingSecretName. Functionally, only seleniumGrid.tls.fullname needs an update, and then tls-cert-secret.yaml would need an overall toggle

Usage example

To use the feature, you would manage your secret yourself, provisioning however you deem fit, for example:

./cert.sh
kubectl -n selenium-grid create secret generic ca-selenium --from-file=selenium.pem --from-file=selenium.jks --from-file=selenium.pkcs8

And use the TLS secret in Selenium Grid.

...
tls: 
  enabled: true
  existingSecretName: "ca-selenium"
...

declan-fitzpatrick avatar Jun 28 '24 11:06 declan-fitzpatrick

@declan-fitzpatrick, thank you for creating this issue. We will troubleshoot it as soon as we can.

Info for maintainers

Triage this issue by using labels.

If information is missing, add a helpful comment and then I-issue-template label.

If the issue is a question, add the I-question label.

If the issue is valid but there is no time to troubleshoot it, consider adding the help wanted label.

If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C), add the applicable G-* label, and it will provide the correct link and auto-close the issue.

After troubleshooting the issue, please add the R-awaiting answer label.

Thank you!

github-actions[bot] avatar Jun 28 '24 11:06 github-actions[bot]

In part of this, I am doing the refactoring on helm chart config keys to enable TLS ingress only or the secure connection in both server and ingress in front

VietND96 avatar Jul 10 '24 19:07 VietND96

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

github-actions[bot] avatar Aug 16 '24 00:08 github-actions[bot]