When using self-signed certificates without the proper authority, onyxia-api refuses to communicate with Keycloak, making Onyxia dysfunctional.
Workaround
In the Helm manifest, we can specify the following value to disable the problem, but it is only a workaround:

    api:
      keycloak.disable-trust-manager: true

Possible Fix
One point of inspiration could come from the MinIO Operator tenant helm chart, which allows a user to mount Kubernetes secrets inside the pods' list of certificates.

    certificate:
      ## Use this field to provide a list of Secrets with external certificates. This can be used to configure
      ## TLS for MinIO Tenant pods.
      externalCACertSecret: [ ]

This would allow the needed certificates to be trusted by Onyxia, thus fixing the authority problem.
Mount certificates in Onyxia pods
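A sketch of what the proposed fix could look like at the pod level, as an added example that is not part of the original issue or of the Onyxia chart: the private CA is mounted from a Secret and added to the JVM truststore, so certificate validation stays enabled instead of being switched off. The Secret name, image placeholders, mount paths and the use of `JAVA_TOOL_OPTIONS` are assumptions; it also assumes onyxia-api runs on a standard JVM and that the init image sets `JAVA_HOME`.

```yaml
# Added example. Every name below is hypothetical; the CA is assumed to be stored with:
#   kubectl create secret generic keycloak-ca --from-file=ca.crt=<path-to-ca.pem>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: onyxia-api                       # hypothetical name
spec:
  selector:
    matchLabels: {app: onyxia-api}
  template:
    metadata:
      labels: {app: onyxia-api}
    spec:
      volumes:
        - name: ca-secret
          secret:
            secretName: keycloak-ca      # hypothetical Secret holding ca.crt
        - name: truststore
          emptyDir: {}
      initContainers:
        - name: build-truststore
          image: "<image-with-a-JDK>"    # placeholder: any image that ships keytool
          command: ["sh", "-c"]
          args:
            - |
              # Start from the JDK's default CAs so public endpoints stay trusted,
              # then add the private CA as one more trust anchor.
              cp "$JAVA_HOME/lib/security/cacerts" /truststore/cacerts
              chmod u+w /truststore/cacerts
              keytool -importcert -noprompt -alias keycloak-ca \
                -file /ca/ca.crt -keystore /truststore/cacerts -storepass changeit
          volumeMounts:
            - {name: ca-secret, mountPath: /ca, readOnly: true}
            - {name: truststore, mountPath: /truststore}
      containers:
        - name: api
          image: "<onyxia-api-image>"    # placeholder
          env:
            # Certificate validation stays on; only the set of trusted CAs grows.
            - name: JAVA_TOOL_OPTIONS
              value: >-
                -Djavax.net.ssl.trustStore=/truststore/cacerts
                -Djavax.net.ssl.trustStorePassword=changeit
          volumeMounts:
            - {name: truststore, mountPath: /truststore, readOnly: true}
```

With this in place the `keycloak.disable-trust-manager: true` workaround can be removed, so a certificate not issued by the mounted CA (or a default one) is rejected again.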