Making DataStore TLS configuration optional

[thecodeassassin]

This PR will make tlsConfig on datastores optional. Allowing for the following setups:

• Datastores with TLS (CA + Client Certificates)
• Datastores with TLS (CA only)
• Datastore without TLS Client Certficates (endpoints can still have TLS certificates, just signed by a private or public CA)

This will allow operators to use datastores like PostgreSQL on providers that do not offer client certificates.

[netlify[bot]]

✅ Deploy Preview for kamaji-documentation canceled.

Name	Link
🔨 Latest commit	1b243868ea7295d732cae46ef0461691b282d476
🔍 Latest deploy log	https://app.netlify.com/sites/kamaji-documentation/deploys/663b19acf59a2a0008a3cdd1

[thecodeassassin]

Some minor changes, something I didn't think of is that we have mandatory TLS configuration with etcd.

It would be perfect if we could have a validating webhook for Datastore of etcd kind which requires the struct field.

That is indeed a nice idea, can we introduce this in a future patch? it will require a bit more research on my end.

[thecodeassassin]

When we push this version we need to make sure people upgrade their CRDs otherwise NATS and no-tls configs won't be supported.

[prometherion]

When we push this version we need to make sure people upgrade their CRDs otherwise NATS and no-tls configs won't be supported

No problem for this, we're going to mark minor release both on Kamaji and its Helm Chart, and we'll document this extensively.

[thecodeassassin]

Not sure if I just asked for that or not, we should mark mandatory client-certificates for etcd datastores since we're just supporting that kind of authentication.

Edit: missed this, my bad That is indeed a nice idea, can we introduce this in a future patch? it will require a bit more research on my end.

Should be the case now

[thecodeassassin]

@prometherion should be good now