Azure / aksArc

# Welcome to the Azure Kubernetes Service on Azure Stack HCI repo

This is where the AKS-HCI team will track features and issues with AKS-HCI. We will monitor this repo in order to engage with our community and discuss questions, customer scenarios, or feature requests. Check out our projects tab to see the roadmap for AKS-HCI!
MIT License

Separate custom certificate bundle deployment from proxy / no_proxy configs #301

Open Elektronenvolt opened 1 year ago

Elektronenvolt commented 1 year ago

Separate functionality for deploying custom root CA certs to worker nodes from Proxy

Description: We do not use Proxy and No_Proxy anymore but have our own root CA and intermediate certs in use to access internal services. To be able to pull container images from our own internal registry we need to have a bundle of certificates deployed to the cluster nodes.

So far we used these features to deploy and update these certificates:

Configure proxy settings with a certificate

```powershell
$proxySetting=New-AksHciProxySetting -name "certificates" -certFile c:\<path>\file.crt
```

Update certificate bundle on container hosts

```powershell
Set-AksHciProxySetting -noProxy "" -certFile c:\<path>\file.crt
```

After issues caused by touching proxy and no-proxy configs, we can't use these features anymore to deploy our certs to the nodes.

Feature request: Please separate the functionality of custom certificate deployment from Proxy configs.

Elektronenvolt commented 1 year ago

We now use a DaemonSet to deploy customer certificates to nodes: https://github.com/Elektronenvolt/aks-hybrid/blob/main/Linux-certificate-ds.yaml
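
Whichever mechanism delivers the bundle (the `-certFile` parameter or a DaemonSet), a bad bundle breaks image pulls on every node at once, so it is worth checking the file first. The script below is an added example, not code from the issue author or the AKS-HCI project; the function names and the `-BundlePath` parameter are hypothetical, and it matches issuer and subject names only (it does not verify signatures).

```powershell
# Added example: pre-flight check of a PEM CA bundle before it is rolled out to nodes.
# -BundlePath is a hypothetical parameter: pass the same file you would give to -certFile.
param([Parameter(Mandatory)][string]$BundlePath)

function Get-PemCertificate {
    # Split a PEM file into its individual certificates.
    param([Parameter(Mandatory)][string]$Path)
    $text    = Get-Content -LiteralPath $Path -Raw
    $pattern = '-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----'
    foreach ($m in [regex]::Matches($text, $pattern)) {
        $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    }
}

function Test-CaBundle {
    # One report row per certificate: CA flag, validity window, issuer present in bundle.
    param([Parameter(Mandatory)][string]$Path, [int]$WarnDays = 30)
    $certs = @(Get-PemCertificate -Path $Path)
    if ($certs.Count -eq 0) { throw "No PEM certificates found in $Path" }
    $subjects = @($certs | ForEach-Object { $_.Subject })
    $now      = Get-Date
    foreach ($c in $certs) {
        $bc = $c.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
        [pscustomobject]@{
            Subject         = $c.Subject
            NotAfter        = $c.NotAfter
            IsCA            = [bool]($bc -and $bc.CertificateAuthority)
            SelfIssued      = $c.Subject -eq $c.Issuer          # root candidates
            IssuerInBundle  = $subjects -contains $c.Issuer     # name match only
            OutsideValidity = ($c.NotBefore -gt $now) -or ($c.NotAfter -lt $now)
            ExpiresSoon     = $c.NotAfter -lt $now.AddDays($WarnDays)
        }
    }
}

$report = @(Test-CaBundle -Path $BundlePath)
$report | Format-Table -AutoSize

# Fail the run if any entry is a leaf cert, has no issuer in the bundle, or is not currently valid.
$bad = @($report | Where-Object { -not $_.IsCA -or -not $_.IssuerInBundle -or $_.OutsideValidity })
if ($bad.Count -gt 0) {
    Write-Error "Bundle contains non-CA, orphaned or invalid entries; fix it before deploying."
    exit 1
}
```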