charts icon indicating copy to clipboard operation
charts copied to clipboard
verified publisher icon Kong

Support creating mTLS certificates between KIC and Kong admin APIs in installation

Open randmonkey opened this issue 9 months ago • 0 comments

From FTI-5816. Customer wants to create the mTLS certificates between KIC and Kong admin APIs and use it in one helm install command. For example, customers can create such a values.yaml and install KIC by the kong/ingress charts, then the CA certificates and client certificates for mTLS are created and used between KIC and Kong admin APIs.

controller: 
 ingressController:
    adminApi:
      tls:
        client:
          enabled: true
          certProvided: false
gateway:
  admin:
    tls:
      client:
        secretName: <release name>-controller-admin-api-ca-keypair

Currently customers has to create the certificates with the values removing the gateway.admin.tls.client.secretName:

controller: 
 ingressController:
    adminApi:
      tls:
        client:
          enabled: true
          certProvided: false

Then add back gateway.admin.tls.client.secretName in the values and upgrade the release. This is not convenient so customers want to have a way to create and use mTLS certificates by a single helm install command.

randmonkey avatar Mar 18 '25 06:03 randmonkey