Add support for externally managed certificates for OpenShift #808
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem description
While the TLS certificates for most cluster variants can be specified through a secret, in OpenShift the certificate and private key for TLS have to be specified in the values.yaml file. This is a security weakness as the private key is confidential data and needs to be kept secure. Hence clients are asking for a possibility to specify TLS certificates as secret also for OpenShift.
Proposed solution
Add support for Openshift external certificates for the OpenShift route. See Creating a route with externally managed certificate for details.
In the values.yaml file add some property to specify the secret name for the external certificate. If tls is enabled and this property is set, configure the route with the certificate from the secret, otherwise use the other certificate properties (certificate, key, cacertificate).
Workaround
As a workaround the ingress creation can be suppressed by setting ingress.enabled to false and manually creating a route, which references an external certificate secret.
The text was updated successfully, but these errors were encountered: