search

webrecorder / browsertrix

Browsertrix is the hosted, high-fidelity, browser-based crawling service from Webrecorder designed to make web archiving easier and more accessible for all!
https://webrecorder.net/browsertrix
GNU Affero General Public License v3.0
201 stars 35 forks source link

Adding secret into ingress template #2085

Open gitreich opened 2 months ago

gitreich commented 2 months ago

For manually adding a secret for a tls of another authority then Let's Encrypt See https://github.com/webrecorder/browsertrix/issues/2077 Fix for frontend&backend ingress Still open: auth-signer is not using the same secret

ikreymer commented 1 month ago

Thanks for starting this! I was thinking we'd want to actually have the secret be created as part of the Helm chart, from the key and cert files themselves, eg something like:

...
tls: true
tlsCert: <path/to/cert>
tlsKey: <path/to/key>

and then adding a Secret definition in secrets.yaml that creates the secret from these files. But, I think that does mean the cert and key files need to be in the same directory as the chart, which may be less than ideal...

I guess providing a separate Secret might be easy enough, given that the user is responsible for managing it.

For authsign, I think it'll need to be updated, since it doesn't really support working with external certs or k8s secrets at the moment.