-
Notifications
You must be signed in to change notification settings - Fork 284
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add more ingress flexibility in Helm chart #1216
Conversation
Add ingress configuration and add tls options in ingress to avoid using Caddy
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
I have read the CLA Document and I hereby sign the CLA |
This is awesome @Nathanael-Mtd thank you for the contribution! |
Maybe, but I don't think chaining multiple reverse proxy, or adding reverse proxy inside pods are good ideas overall, specifically if there are no added value. Also I think that frontend and backend should be separated in two Pods, and avoiding using statefulset, because in case of replicas > 1, we will have multiple distincts databases running. If you're ok with that, I can make these changes, and also adding an option to keep Caddy as a separate Deployment if you think that's always useful. |
I tell you what: let’s start a different chart for these options: deployment-based, postgres instead of sqlite (to support multiple clients, the backend in this case) and we drop caddy in this flavor. What do you think? |
Seems fine for me, we can keep an option to use SQLite for simple deployments. |
Yup, we can go for a different folder in this repo, ciso-assistant-alt or something like that, and I’ll handle the distribution afterwards. |
Fine, I will create an another PR for the new chart if it's ok for you. ReadWriteMany was just an idea to avoid impossible scalability in case of Statefulset, but to be fair, managing the backend scalability with database is generally a pain 😅 |
To make CISO Assistant more flexible for Kubernetes users, I made some (breaking) changes on the Helm Chart :
I don't think it will be a big pain to migrate chart with these changes.
It will requires using Cert-Manager for automatic letsencrypt/ACME/PKI certificate generation, or just create secret manually alongside the chart deploy.
I will be happy to add custom TLS secret creation from values file if it can help some users to avoid doing manual things.
That PR can probably fix these issues : #1123 #1135