Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow specifying the name of a TLS secret for the Ingress to support TLS termination at the Ingress #268

Closed
thelabdude opened this issue May 7, 2021 · 2 comments · Fixed by #293
Closed

Allow specifying the name of a TLS secret for the Ingress to support TLS termination at the Ingress #268

thelabdude opened this issue May 7, 2021 · 2 comments · Fixed by #293
Assignees
@HoustonPutman
Labels
security TLS or Auth for Solr
Milestone
v0.4.0

Comments

@thelabdude
Copy link
Contributor

Currently, the operator doesn't support TLS termination at the Ingress. Users can configure TLS all the way through from Ingress to Solr pods and between them. This would be an easy enhancement, but requires adding a field to the solrAddressability.external struct to hold the TLS secret name so that we can configure the Ingess with:

spec:
  tls:
    - hosts:
      - foo.bar.com
      # This assumes tls-secret exists and the SSL
      # certificate contains a CN for foo.bar.com
      secretName: tls-secret

see: https://kubernetes.github.io/ingress-nginx/examples/tls-termination/

In the meantime, users will need to create their own Ingress instead of using the one created by the operator.
@thelabdude thelabdude mentioned this issue May 7, 2021
Merged
@thelabdude thelabdude added this to the main (v0.4.0) milestone May 7, 2021
@jdesroch
Copy link

Related request. Allow custom annotations on Ingress so that cert-manager can create the tls secret. Not sure if this should be a separate issue.
https://cert-manager.io/docs/usage/ingress/

@HoustonPutman
Copy link
Contributor

@jdesroch , you should be able to do this via:

SolrCloud.spec.customSolrKubeOptions.ingressOptions.annotations

@HoustonPutman HoustonPutman added the security TLS or Auth for Solr label Jul 14, 2021
@HoustonPutman HoustonPutman mentioned this issue Jul 20, 2021
Merged
@HoustonPutman HoustonPutman self-assigned this Aug 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@HoustonPutman HoustonPutman

Labels
security TLS or Auth for Solr
Projects
None yet
Milestone
v0.4.0
Development

Successfully merging a pull request may close this issue.

Add option for Ingress TLS termination for SolrCloud. HoustonPutman/solr-operator
3 participants
@thelabdude @jdesroch @HoustonPutman