Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add TLS support to Coturn #5

Open
typokign opened this issue Jan 19, 2020 · 2 comments
Open

Add TLS support to Coturn #5

typokign opened this issue Jan 19, 2020 · 2 comments

Comments

@typokign
Copy link
Owner

This is going to be pretty difficult, but essential. Since Coturn only runs over UDP, and is not an HTTP server, we can't just set up an Ingress and hope k8s handles everything. Probably need to leverage cert-manager CRDs to auto-create certificates and inject them into the Coturn pod. Coturn may need to be reloaded or restarted when a certificate is renewed as well.

This also unfortunately introduces a hard dependency on cert-manager and will make the chart more difficult to install into a fresh cluster, so maybe investigate overrides or other ways to manually inject a certificate if cert-manager is not installed.

@Routhinator
Copy link

I've been thinking on this one, and simple is likely better. Make it so they can just be mounted to a directory and provide a parameter to give the filename/location of the relevant files.

A person can use a volume to mount the certs from certmanager or anywhere else (step-ca?) into the container.

A nice to have would be warnings firing optionally when the certs are nearing their death.

@typokign
Copy link
Owner Author

typokign commented Jun 2, 2020

Yep, definitely a higher priority now to have a dead simple fallback like you're suggesting. Since releasing this chart I've been shocked at how much variation there is between different distros (?) of Kubernetes, so there's no way in hell I'll add a new mandatory dependency into the mix.

But cert-manager will be supported as well and highly recommended, because cert-manager is freaking awesome :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants