Tanzu-Solutions-Engineering / tkg-lab

Day in the life of a TKG platform team.

Enables Harbor to trust Let's Encrypt #125

Closed crdant closed 3 years ago

crdant commented 4 years ago

TL;DR

Uses the trust certificate overlay to ensure that Harbor components trust Let's Encrypt as a CA (fixes #120)

Details

Allows using a custom URL/issuer for the Okta endpoint signed by Let's Encrypt. Ran into the same issue with Harbor (#120) as with Dex whereby the OIDC integration would fail if the Okta endpoint was signed with Let's Encrypt (see #119 for that change). This change applies the overlay overlay/trust-certificate to the Harbor extension to make sure the Let's Encrypt CA certificate is trusted by all Harbor components.

As a bonus, while validating this change I found an issue where the TKG extension for Harbor does not work when specifying an S3 backend. I added an additional overlay to make sure that works.

crdant commented 3 years ago

@jaimegag Are we good to go on this one?

jaimegag commented 3 years ago

@crdant Yes. Sorry I missed the last comments.