travisghansen / kubernetes-pfsense-controller

Integrate Kubernetes and pfSense
Apache License 2.0

SSL to PFSense? #20

Closed ck3mp closed 1 year ago

ck3mp commented 2 years ago

Is it possible to supply the cert to the deployment to have SSL to PFSense?

Unable to enable crypto on TCP connection 192.168.2.1: make sure the "sslcafile" or "sslcapath" option are properly set for the environment.

travisghansen commented 2 years ago

I think this could be added relatively easily by introducing some new env vars. Relevant code/location would likely be right here: https://github.com/travisghansen/kubernetes-pfsense-controller/blob/master/controller.php#L41

travisghansen commented 1 year ago

What did you end up doing?

ck3mp commented 1 year ago

Hi, sorry for the delay, I ended up not using it. I'm not proficient in PHP so gave it a miss! However, I discovered a bug where "-" in the password will break the login while trying to look at this...

travisghansen commented 1 year ago

Interesting. Did you at least confirm functionality with PFSENSE_INSECURE="true"? I'll re-open this so it can be addressed eventually anyway.

ck3mp commented 1 year ago

Using insecure while having a "-" in the PW caused the login to fail also. Once I changed the PW to no special chars it started working fine with no other config changes. (I didn't test chars other than -)

travisghansen commented 1 year ago

Understood, that's likely a pfSense bug honestly. Did you get the functionality of the integration to work as desired though?

ck3mp commented 1 year ago

Yep, this is working perfectly in my cluster now and doing exactly as I need. Thanks for developing it! I have a few small ideas; I was thinking to share them as a new Issue/Feature request? But if I find time I'll also try to do them myself and PR (will require me to learn some PHP!)

travisghansen commented 1 year ago

Glad to hear it's working well. Feel free to open new issues for new feature requests. This issue should be pretty easy to implement but I still won't have time probably until the new year :(

travisghansen commented 1 year ago

Implemented in v0.5.11: https://github.com/travisghansen/kubernetes-pfsense-controller/blob/master/.env.example#L5-L6

Injecting your CA file and using PFSENSE_SSLCAFILE should do the trick.
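
One way to wire up what the last comment describes, as an added example that is not part of the thread or the project's own manifests. The resource names, mount path and image value are hypothetical placeholders, and it assumes PFSENSE_SSLCAFILE takes the path of a PEM file inside the container.

```yaml
# Added example; names, paths and the image value are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pfsense-ca                       # hypothetical name
data:
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    (PEM body of the CA that signed the pfSense web GUI certificate)
    -----END CERTIFICATE-----
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-pfsense-controller    # hypothetical name
spec:
  selector:
    matchLabels:
      app: kubernetes-pfsense-controller
  template:
    metadata:
      labels:
        app: kubernetes-pfsense-controller
    spec:
      containers:
        - name: controller
          image: "IMAGE_PLACEHOLDER"     # the image you already deploy, v0.5.11 or later
          env:
            # Drop the PFSENSE_INSECURE="true" workaround discussed in the
            # thread once a CA file is supplied:
            # - name: PFSENSE_INSECURE
            #   value: "true"
            - name: PFSENSE_SSLCAFILE
              value: /etc/pfsense-ca/ca.crt   # assumed: path to the mounted PEM file
          volumeMounts:
            - name: pfsense-ca
              mountPath: /etc/pfsense-ca
              readOnly: true
      volumes:
        - name: pfsense-ca
          configMap:
            name: pfsense-ca
```

Certificate verification also checks the name: the pfSense certificate must list the host name or IP address the controller connects to (192.168.2.1 in the error above) as a subject alternative name, otherwise the connection still fails with the CA file in place.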