This is a bit un-ideal if you want to pass a secret, say one generated by cert-manager, directly to gateway.tls.credentialName. To do that, you have to use the pass through method, which can start muddying the values file if you still need the abstracted gateway block as well. It's also not good practice to take the data from the custom secret and pass it to the tls.key and tls.cert fields, because another secret will just be generated by Big Bang with that data and passed to the .credentialName. So now there are 2 secrets with the same data, and in the case of cert-manager, this potentially makes the automatic rotation more complicated.
Feature Request
Hello! Is it possible to expose the istio
gateways.tls.credentialName
value as an abstracted value?Why
Currently Big Bang exposes the Istio gateway tls values as:
This is a bit un-ideal if you want to pass a secret, say one generated by cert-manager, directly to
gateway.tls.credentialName
. To do that, you have to use the pass through method, which can start muddying the values file if you still need the abstracted gateway block as well. It's also not good practice to take the data from the custom secret and pass it to the tls.key and tls.cert fields, because another secret will just be generated by Big Bang with that data and passed to the.credentialName
. So now there are 2 secrets with the same data, and in the case of cert-manager, this potentially makes the automatic rotation more complicated.Proposed Solution
Add
credentialName
to exposed values like so:then in https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/templates/istio/values.yaml on lines 122 and 139 --
credentialName: {{ $index }}-{{ $name }}-cert
/credentialName: {{ $name }}-cert
add a condition to check if$servervalues
hascredentialName
and use that if found. There shouldn't be a need to edit https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/templates/istio/secret-tls.yaml since this shouldn't get generated if the user does not passtls.key
andtls.cert
.