Skip to content

feat: add support for cert-manager for etcd tls secrets #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
prometherion merged 3 commits into from
Sep 5, 2025
Merged

feat: add support for cert-manager for etcd tls secrets #121

prometherion merged 3 commits into from
Sep 5, 2025

Conversation

@boebu
Copy link
Contributor

@boebu boebu commented Aug 21, 2025

This PR introduces the option to hand TLS certificate handling to cert-manager by adding the required configuration in helm values:

certManager:
  # -- Enable CertManager for etcd certificates
  enabled: true
  # -- CertManager Issuer to use for the etcd certificates
  issuerRef:
    name: kamaji-etcd-issuer
    kind: ClusterIssuer
    group: cert-manager.io
  # -- CertManager etcd CA validity
  ca:
   validity: 87600h # 10 years

Since etcd supports per-connection TLS reload automatic rotation works without any intervention, except for the CA. CAs must be rotated as of today with a semi-automatic process which includes a rollout restart of all components.

prometherion
prometherion reviewed Aug 25, 2025
View reviewed changes
@prometherion
Copy link
Member

prometherion commented Aug 25, 2025

@boebu unfortunately, we have some conflicts: may I ask you to get those fixed so we can merge this too, please?

@boebu boebu force-pushed the cert-manager-support branch from 5b8fe1c to 69a4930 Compare August 25, 2025 13:45
@boebu
Copy link
Contributor Author

boebu commented Sep 4, 2025

@boebu unfortunately, we have some conflicts: may I ask you to get those fixed so we can merge this too, please?

Conflicts are resolved, is there anything left from your pov?

@prometherion prometherion merged commit 5a49d10 into clastix:master Sep 5, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prometherion prometherion prometherion approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@boebu @prometherion