Add tls section to ingress manifest #218
Conversation
There was a problem hiding this comment.
@ddieruf - what is the motivation for this PR?
I don't think this TLS configuration would work correctly, since the top level tls key is used to configure an ingress controller, like nginx, to terminate TLS. When enableTls is true, TLS is currently configured to terminate at the proxy.
|
That was my intention with adding the The current file has no tls section and the spacing for |
|
@ddieruf - you're correct that the indentation is wrong in that file.
Can you clarify this point? Where do you want it to terminate? Also, have you tested this change to verify that it adds the support you'd like to see? Thanks! |
|
I am running this in my home lab, where I don't have a proper device to terminate TLS or load balance. I was only running 1 instance of the proxy and wanted to use the tls feature of the ingress to handle things. Maybe I am going about this wrong. I had envisioned tls requests coming into the proxy, then the proxy forwarding on to the broker. I am not using inter-component tls, so the proxy terminates. I have this running but have other compatibility issues with the way Let's Encrypt sends cert data to cert-manager. They include the CA in the cert chain and don't break it out. Thus, cert-manager only creates the certstore not the truststore. So my proxy is not healthy ATM. |
No description provided.