Feature: disable or enable tls only or non-tls service ports only #17
Assignees
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of the change
We currently create a certificate for you like this:
https://github.com/jessebot/coturn-chart/blob/3e770404a9482b4381e9296951a1a4164173fa18/charts/coturn/values.yaml#L43-L46
That's left over from the chart we forked. We don't even use that value in the two service templates we have 🤦 We should change that to
tls.enabledand allow for antls.existingSecret. Whentls.enabledistrue, we should maybe not allow any unencrypted traffic, so we should not create the unencrypted ports in the services here and here:https://github.com/jessebot/coturn-chart/blob/3e770404a9482b4381e9296951a1a4164173fa18/charts/coturn/templates/service-tcp.yaml#L14-L20
https://github.com/jessebot/coturn-chart/blob/3e770404a9482b4381e9296951a1a4164173fa18/charts/coturn/templates/service-udp.yaml#L14-L20
Likewise if
tls.enabledisfalsewe should not create the tls ports and instead only create the ports above.Benefits
This allows you to be completely secure... or not, without the weird in between, as right now, we create both tls and non-tls ports for both UDP/TCP services.
Possible drawbacks and Additional Comments
I suppose it might make sense to allow for both to be configured? Maybe we also need
coturn.ports.tls.enabledandcoturn.ports.insecure.enabled? 🤔 Open to better names for the values there.Do we even need two services btw? Can we just have one? 🤷
The text was updated successfully, but these errors were encountered: