I have the Mender server installed in AWS in a Kubernetes cluster, which is working well. The challenge I have is that when cert-manager renews the TLS certificate, I have to manually update the certificate for the api-gateway. I see there is an option (api_gateway.certs.existingSecret) for the helm chart to use an existing secret, but the expected keys (cert.crt and private.key) are different from the cert-manager generated secret (tls.crt and tls.key). Is it possible to modify the expected keys so that they match the cert-manager secret? That would remove the manual step to update the api-gateway cert, as it could reference the cert-manager secret. If not, do you have any recommendations on how to automate the api-gateway cert renewal?
Hi @neileeyo,
luckily a nice contribution is addressing your need: Switch api-gateway tls certificate to k8s tls type by chriswiggins · Pull Request #443 · mendersoftware/mender-helm · GitHub
I’ll get back to you as soon as this is released.
Excellent. That’s exactly what I need. Thank you for the follow up @robgio!
Actually, just wait a bit: it turned out to be a breaking change, so we’re reworking it.
Any possibility that this change (in its non-breaking form) could be cherry-picked onto the mender-5.12.0 helm release?
Yes, I think so. The 5.x branch is the default for the still supported Mender Server v3.7
Hi @neileeyo, you can try with the new fresh version 5.13.0.
@robgio that’s great! Thank you for following up. I’ll be testing that today.
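
For a chart that still expects the cert.crt and private.key keys described in the first post, the manual step can be scripted by re-keying the cert-manager secret into a second secret that api_gateway.certs.existingSecret points at. The following is an added example, not code from the thread or from the mender-helm project; the function names, the secret names and the idea of running it after each renewal (for instance from a scheduled job) are assumptions.

```python
import base64
import json
import sys

# Key names from the first post: cert-manager writes tls.crt / tls.key,
# the chart's existingSecret option expects cert.crt / private.key.
KEY_MAP = {"tls.crt": "cert.crt", "tls.key": "private.key"}


def rekey_tls_secret(source: dict, target_name: str) -> dict:
    """Return an Opaque Secret manifest holding the source's TLS pair under the chart's key names."""
    if source.get("type") != "kubernetes.io/tls":
        raise ValueError("source secret is not of type kubernetes.io/tls")
    data = source.get("data") or {}
    out = {}
    for src_key, dst_key in KEY_MAP.items():
        value = data.get(src_key)
        if not value:
            raise ValueError(f"source secret has no {src_key}")
        # Decode only to confirm PEM content; the value is copied still encoded.
        pem = base64.b64decode(value, validate=True)
        if not pem.lstrip().startswith(b"-----BEGIN "):
            raise ValueError(f"{src_key} does not contain PEM data")
        out[dst_key] = value
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": target_name,
                     "namespace": source["metadata"]["namespace"]},
        "data": out,
    }


def constructed_sample() -> dict:
    """Constructed stand-in for `kubectl get secret <name> -o json` output (no real key material)."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return {"type": "kubernetes.io/tls",
            "metadata": {"name": "example-tls", "namespace": "example"},
            "data": {"tls.crt": enc("-----BEGIN CERTIFICATE-----\nconstructed\n"),
                     "tls.key": enc("-----BEGIN PRIVATE KEY-----\nconstructed\n")}}


if __name__ == "__main__":
    # Assumed usage: kubectl get secret <name> -o json | python3 rekey.py <target> | kubectl apply -f -
    # The output contains the private key, so pipe it; do not write it to logs.
    src = json.load(sys.stdin) if not sys.stdin.isatty() else constructed_sample()
    json.dump(rekey_tls_secret(src, sys.argv[1] if len(sys.argv) > 1 else "example-target"), sys.stdout)
```

The generated secret holds a copy of the private key, so access to it should be restricted in the same way as access to the cert-manager secret.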