tobs icon indicating copy to clipboard operation
tobs copied to clipboard

Published 20 hours ago verified publisher icon timescale

Allow users to provide their own certificate management solution for tracing

Open ramonguiu opened this issue 3 years ago • 3 comments

Some teams have an internal standard tool for managing certificates in Kubernetes like Vault or KMS. At the moment we require that users install cert-manager for the OpenTelemetry Operator to function.

We want to make it possible for Promscale administrators to use their own certificate management tool while still offering the option to install cert-manager for those that don't have one and/or want to use automatic certificate provisioning.

Tasks

  • [ ] provide a way to use externally provisioned certificates for ot-operator consumption
  • [ ] remove cert-managaer lifecycle management from tobs while keeping dependency on cert-manager types for folks who want to have automatic certificate provisioning

ramonguiu avatar Dec 10 '21 15:12 ramonguiu

To explore, disabling option in operator helm chart - https://github.com/open-telemetry/opentelemetry-helm-charts/blob/main/charts/opentelemetry-operator/values.yaml#L53-L54

paulfantom avatar May 30 '22 05:05 paulfantom

To explore, additional Job to create caBundle. Example from kube-prometheus - https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L1476-L1521

paulfantom avatar Jun 10 '22 15:06 paulfantom

We haven't heard this request again. Given the size, I would reconsider if this is something we want to do as part of this epic or possibly postpone to a future epic.

cc: @VineethReddy02

ramonguiu avatar Jul 29 '22 08:07 ramonguiu