Feature: Deploy falcosidekick and falco server and client secrets for mTLS #546
Conversation
Signed-off-by: Juan Gonzalez Martinez <[email protected]>
poiana
added
kind/feature
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: jgmartinez The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Juan Gonzalez Martinez <[email protected]>
|
By changing the folders for the certs, are you sure it will not create breaking change? Moreover I'm not sure the CI will accept to merge a PR for modifications of 2 charts at once. |
|
Hi @Issif! You are right, changing the default values of the CA directory, in the Falco chart, could break https connections if no CA is defined. I think it would be better to leave it blank since Falco itself defaults to As of Falcosidekick, I just added the Confirm if I need to open separate PRs for each chart and I'll do it when all changes are "approved" in a comment 😄 Thank you! |
Signed-off-by: Juan Gonzalez Martinez <[email protected]>
Signed-off-by: Juan Gonzalez Martinez <[email protected]>
|
Yes please, do 2 PR, I will review the falcosidekick part and someone else (or maybe me), the falco one. |
What type of PR is this?
/kind feature
/kind chart-release
Any specific area of the project related to this PR?
/area falco-chart
/area falcosidekick-chart
What this PR does / why we need it:
This PR adds the capability of loading certificates dynamically via helm values, instead mounting volumes. It's structured in a way to make it easier to deploy mTLS cryptographic material for both falco and falcosidekick when http_output is enabled.
Which issue(s) this PR fixes:
N/A
Special notes for your reviewer:
There are some changes in the directories to store the certificates. It seems not to break anything, but this of course can be overridden by a local values file.
Checklist