search

sentry-kubernetes / charts

Easily deploy Sentry on your Kubernetes Cluster
MIT License
1.07k stars 506 forks source link

Incompatibility with own CA since helm chart version 25.6.0 #1475

Open boindil opened 1 week ago

boindil commented 1 week ago

Issue submitter TODO list

Describe the bug (actual behavior)

Since https://github.com/sentry-kubernetes/charts/compare/sentry-v25.5.1...sentry-v25.6.0 (updating sentry to 24.7.1) own CAs are not working anymore.

Behavior: https://github.com/getsentry/self-hosted/issues/2950 (happening in web-container as well)

There is a workaround in that ticket, however this would have to be handled by the helm chart with additional initialization scripts.

Expected behavior

No errors

values.yaml

[...]
ingress:
  alb:
    httpRedirect: false
  enabled: true
  regexPathStyle: nginx
  ingressClassName: nginx
  hostname: sentry.hostname.intern
  tls:
    - hosts:
        - sentry.hostname.intern
      secretName: tls-hostname
system:
  adminEmail: admin@xxxx
  public: true
  url: https://sentry.hostname.intern
  secretKey: xxx
[...]

Helm chart version

since 25.6.0

Steps to reproduce

use internally signed CA certificate that is valid for domain

Screenshots

No response

Logs

No response

Additional context

No response

patsevanton commented 1 week ago

I see it in your values.yaml code of ingress. Are you using a self-signed certificate for ingress?

boindil commented 1 week ago

As stated, we have our own internal CA with is used to issue certificates. Since sentry 24.7.1 it seems that there is the need to add the CA-bundle to these containers (as stated in the linked issue).

I did not find the possibility to do that in this helm chart.