Feat: Add support for cert-manager #210
Comments
|
Integration with cert-manager would significantly improve the setup. Using self-signed certificates requires manually distributing the CA file to all LDAP consumer services to ensure proper certificate validation. The primary challenge is correctly mapping LDAP hostnames to the ACME domain. For example, issuing a wildcard certificate for *.ldap.example.com (assuming the user owns example.com) allows this certificate to be used across all LDAP instances. The key is to configure the Helm chart to update all LDAP endpoints to use domain names like ldap-0.ldap.example.com or ldap-readonly-0.example.com. However, it's not possible to include internal Kubernetes service names (e.g., ldap-0.ldap-headless.openldap.svc.cluster.local) in an ACME certificate's Subject Alternative Names (SANs), as Let's Encrypt does not issue certificates for such internal domains. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Is your feature request related to a problem? Please describe.
For production environment , it's best to verify the certificate during the replication between each nodes. Currently this is only possible by bringing our own certificate.
Describe the solution you'd like
Add a certificate resource for cert-manager support. Need to input the
issuerRef.dnsNamescan be computed automatically using the services name, headless + replica countThe value could look like :
(Feel free to upvote it, so I can get a sense at how useful it can be :) )
The text was updated successfully, but these errors were encountered: