kamaji
kamaji copied to clipboard
clastix
made tls optional #1
This PR will make tlsConfig on datastores optional. Allowing for the following setups:
- Datastores with TLS (CA + Client Certificates)
- Datastores with TLS (CA only)
- Datastore without TLS Client Certficates (endpoints can still have TLS certificates, just signed by a private or public CA)
This will allow operators to use datastores like PostgreSQL on providers that do not offer client certificates.
Deploy Preview for kamaji-documentation canceled.
| Name | Link |
|---|---|
| Latest commit | 1b243868ea7295d732cae46ef0461691b282d476 |
| Latest deploy log | https://app.netlify.com/sites/kamaji-documentation/deploys/663b19acf59a2a0008a3cdd1 |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Some minor changes, something I didn't think of is that we have mandatory TLS configuration with
etcd.It would be perfect if we could have a validating webhook for Datastore of
etcdkind which requires the struct field.
That is indeed a nice idea, can we introduce this in a future patch? it will require a bit more research on my end.
When we push this version we need to make sure people upgrade their CRDs otherwise NATS and no-tls configs won't be supported.
When we push this version we need to make sure people upgrade their CRDs otherwise NATS and no-tls configs won't be supported
No problem for this, we're going to mark minor release both on Kamaji and its Helm Chart, and we'll document this extensively.
Not sure if I just asked for that or not, we should mark mandatory client-certificates for
etcddatastores since we're just supporting that kind of authentication.Edit: missed this, my bad That is indeed a nice idea, can we introduce this in a future patch? it will require a bit more research on my end.
Should be the case now