search

concourse / concourse-chart

Helm chart to install Concourse
Apache License 2.0
145 stars 175 forks source link

Change Request: Enable Certificate Propogation by Default #294

Open rrileyca opened 2 years ago

rrileyca commented 2 years ago

Overview

As per Concourse documentation, certificate propagation is done by default in the BOSH deployment but not in the helm chart. This causes resources to fail if there is an SSL proxy in between them. Additionally, none of the existing chart features are able to support this (see this issue for more detail: https://github.com/concourse/concourse-chart/issues/293).

Workaround

The helm chart must include (assuming the worker.certsPath is /etc/ssl/certs):

worker:
  certsPath: /etc/ssl/certs
  env:
    - name: CONCOURSE_CERTS_DIR
      value: /etc/ssl/certs

Proposal

I think this should be easier to configure in the chart. Perhaps setting a boolean in the worker like worker.enableCertificatePropagation would be easy enough to create the worker.env variable to the value of Values.secrets.certsPath.

burgerjeffrey commented 5 months ago

+1 , I appreciate you figuring this out.