openobserve / openobserve-helm-chart

Helm charts for OpenObserve
Apache License 2.0
32 stars 30 forks source link

Ingress assumes non-cluster issuer for cert-manager. #60

Open MathiasPius opened 6 months ago

MathiasPius commented 6 months ago

The values.yaml file assumes the built-in letsencrypt issuer is enabled, and breaks if you attempt to use OpenObserve with a ClusterIssuer instead.

https://github.com/openobserve/openobserve-helm-chart/blob/main/charts/openobserve-standalone/values.yaml#L262

Deploying openobserve-standalone with the following values file fails to configure a certificate for the ingress, because both cert-manager.io/cluster-issuer and cert-manager.io/issuer are specified, which causes cert-manager to do nothing, since the configuration is invalid:

ingress:
  annotations:
    # This is an independently deployed ClusterIssuer
    cert-manager.io/cluster-issuer: letsencrypt-production

I believe this specific annotation should be added in the ingress.yaml file itself gated behind the certIssuer.enabled flag, like so:


{{- with .Values.ingress.annotations }}
annotations:
  {{- toYaml . | nindent 4 }}
  {{- if $.Values.certIssuer.enabled }}
  cert-manager.io/issuer: letsencrypt
  {{- end }}
{{- end }}

Or something to that effect.
MathiasPius commented 6 months ago

I found a workaround, by setting cert-manager.io/issuer to null in the values file:

annotations:
  cert-manager.io/issuer: null
PandeoF1 commented 2 weeks ago

Maybe we can do a fix for this issue using your solution ?