Allow mounting of managed certs in pods #721
Comments
I never had issues with SAML tbh. because even if we add this, which is very well possible, we've never supported https outside of doing so via ingress and have absolutely zero plans to do so either.
Hi, to elaborate on the particular use case I talked about above - I am currently using authentik's SAML provider to authenticate in Nextcloud. However, I have currently configured it to use its own auto-generated self-signed cert to sign the SAML assertions. This leads to 2 problems:
Having the ability to mount a managed cert in the pods will simplify this a lot and will eliminate user errors.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.
Still hoping this is planned...
Nope not planned.
Not denied either though.
If you want to expedite this enhancement, please consider putting a bounty on it here: https://opencollective.com/truecharts-bounties/contribute/place-bounty-72003
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.
Is your feature request related to a problem?
Currently, there is no way to mount managed certs (such as the ones used for ingress) into pods. This forces me to manage certs manually, which is both tiresome and prone to error (cert expiry).
I need to be able to mount certs into pods in such a way that they are replaced automatically with new certs when needed. Basically, I need a solution for managing certs mounted into pods.
I need the mounted certs for a number of reasons, one of which is SAML auth between apps (which needs trusted certificates to be used between the IdP and SP).
Describe the solution you'd like
I propose this is solved with trust-manager.
Trust-manager is a small operator which can be integrated with cert-manager (but also works standalone). It allows for setting up and managing config maps with cert "bundles" which can then be mounted into pods. It automates the whole process by automatically replacing the config maps when necessary, which allows you always to have the correct certs mounted in your pods.
In terms of chart UI, I am imagining something like the host-path mount interface, but instead of selecting a directory path on the host that you want to be mounted into your pod, you will write down the bundle name you have created in trust-manager (similar to how you write down the name of a Traefik middleware). Then select the path in the pod where you would like that bundle mounted.
Describe alternatives you've considered
Continue managing certs manually
Additional context
Example chart for trust-manager: https://github.com/cert-manager/trust-manager/tree/main/deploy/charts/trust-manager
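How the "bundle name plus mount path" idea in the request maps onto trust-manager resources, as an added example that is not part of the original issue or the project's charts. All names (`saml-idp-trust`, `idp-signing-cert`, the namespace label, the `apps` namespace and the image) are hypothetical; trust-manager distributes certificates only, never private keys.

```yaml
# Added example; every name below is a hypothetical placeholder.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle                        # cluster-scoped resource
metadata:
  name: saml-idp-trust              # the target ConfigMap gets this same name
spec:
  sources:
    # Public certificate only. The Secret must live in trust-manager's
    # trust namespace (cert-manager by default); tls.key is never copied.
    - secret:
        name: idp-signing-cert      # hypothetical cert-manager-issued Secret
        key: tls.crt
  target:
    configMap:
      key: idp-bundle.pem
    # Sync only into namespaces that opt in with this (hypothetical) label.
    namespaceSelector:
      matchLabels:
        trust-bundle/saml-idp: "enabled"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: saml-sp                     # hypothetical service-provider workload
  namespace: apps                   # must carry the label selected above
spec:
  replicas: 1
  selector:
    matchLabels: {app: saml-sp}
  template:
    metadata:
      labels: {app: saml-sp}
    spec:
      containers:
        - name: app
          image: registry.example/saml-sp:placeholder   # placeholder image
          volumeMounts:
            - name: idp-trust
              mountPath: /etc/ssl/saml   # the "path in the pod" from the proposal
              readOnly: true
      volumes:
        - name: idp-trust
          configMap:
            name: saml-idp-trust         # the "bundle name" from the proposal
            items:
              - key: idp-bundle.pem
                path: idp-bundle.pem
```

The kubelet refreshes a mounted ConfigMap volume after the Bundle changes, but not when it is mounted via `subPath`, and the application still has to re-read the file to pick up a rotated certificate.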