typokign / matrix-chart

Helm chart for deploying a Matrix homeserver stack
MIT License

Add TLS support to Coturn #5

Open typokign opened 4 years ago

typokign commented 4 years ago

This is going to be pretty difficult, but essential. Since Coturn only runs over UDP, and is not an HTTP server, we can't just set up an Ingress and hope k8s handles everything. Probably need to leverage cert-manager CRDs to auto-create certificates and inject them into the Coturn pod. Coturn may need to be reloaded or restarted when a certificate is renewed as well.

This also unfortunately introduces a hard dependency on cert-manager and will make the chart more difficult to install into a fresh cluster, so maybe investigate overrides or other ways to manually inject a certificate if cert-manager is not installed.

Routhinator commented 4 years ago

I've been thinking on this one, and simple is likely better. Make it so they can just be mounted to a directory and provide a parameter to give the filename/location of the relevant files.

A person can use a volume to mount the certs from certmanager or anywhere else (step-ca?) into the container.

A nice to have would be warnings firing optionally when the certs are nearing their death.
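One way to wire up the mount-a-directory approach described in this comment, as an added example rather than code from this chart: a Helm Deployment template excerpt that takes a `kubernetes.io/tls` Secret (populated by cert-manager, step-ca or by hand) and hands the file paths to Coturn through its own `--cert`/`--pkey` flags. The values keys under `coturn.tls.*` and the `matrix.fullname` helper are assumed names, not the chart's.

```yaml
# templates/coturn/deployment.yaml (excerpt; hypothetical chart layout)
# Assumed values:
#   coturn.tls.enabled: false
#   coturn.tls.existingSecret: ""        # kubernetes.io/tls Secret with tls.crt / tls.key
#   coturn.tls.mountPath: /etc/coturn/tls
#   coturn.tls.port: 5349
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "matrix.fullname" . }}-coturn
spec:
  template:
    spec:
      containers:
        - name: coturn
          image: {{ .Values.coturn.image }}
          args:
            - --log-file=stdout
            {{- if .Values.coturn.tls.enabled }}
            # Coturn reads the cert and key straight from the mounted Secret files.
            - --cert={{ .Values.coturn.tls.mountPath }}/tls.crt
            - --pkey={{ .Values.coturn.tls.mountPath }}/tls.key
            - --tls-listening-port={{ .Values.coturn.tls.port }}
            {{- else }}
            # No certificate supplied: disable TLS/DTLS listeners explicitly
            # instead of letting Coturn start with a missing-cert error.
            - --no-tls
            - --no-dtls
            {{- end }}
          {{- if .Values.coturn.tls.enabled }}
          volumeMounts:
            - name: tls
              mountPath: {{ .Values.coturn.tls.mountPath }}
              readOnly: true
          {{- end }}
      {{- if .Values.coturn.tls.enabled }}
      volumes:
        - name: tls
          secret:
            secretName: {{ required "coturn.tls.existingSecret must be set when coturn.tls.enabled is true" .Values.coturn.tls.existingSecret }}
            # Keep the private key unreadable by "other"; pair with
            # securityContext.fsGroup so a non-root coturn user can read it.
            defaultMode: 0440
      {{- end }}
```

A Secret renewed in place by cert-manager updates the mounted files, but Coturn does not reopen them on its own, so a rollout (or an external reloader) is still needed after renewal, as the issue description notes.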

typokign commented 4 years ago

Yep, definitely a higher priority now to have a dead simple fallback like you're suggesting. Since releasing this chart I've been shocked at how much variation there is between different distros (?) of Kubernetes, so there's no way in hell I'll add a new mandatory dependency into the mix.

But cert-manager will be supported as well and highly recommended, because cert-manager is freaking awesome :)