fonoster / routr

⚡ The future of programmable SIP servers.
https://routr.io
MIT License

Missing default self-signed certificates in helm deployment when using tlsOn=true #206

Closed psanders closed 1 year ago

psanders commented 1 year ago

Describe the bug

When setting tlsOn=true using the official helm chart, the system does not default to self-signed certificates. This can lead to an insecure setup or the need for manual configurations that aren't explicitly documented.

To Reproduce

Steps to reproduce the behavior:

  1. Install Routr using the official helm chart
  2. Observe that the TLS configuration is not applied.
  3. Also, observe that Edgeport issues the error "found at least one secure protocol which requires setting the .spec.securityContext"

Expected behavior

When apiserver.tlsOn=true:

The system should default to generating and using self-signed certificates for the APIServer.

When edgeport.transport.tls.enabled=true (the same applies for wss transport):

The system should default to generating and using self-signed certificates for the EdgePort.

There should be documentation available to guide users on how to manually create and add certificates.

Screenshots

NA

System information (please complete the following):

Environment: Helm + K8s

Additional context

We're already defaulting to self-signed certificates for the docker-compose deployment. We should be able to reuse some of that work.

psanders commented 1 year ago

I've updated the issue to cover only self-signed certificates. Supporting Let’s Encrypt is a bigger task and will be addressed in a separate issue.

wfzelle commented 1 year ago

Sounds good.

psanders commented 1 year ago

We are all set here https://github.com/fonoster/routr/pull/213