Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incompatibility with own CA since helm chart version 25.6.0 #1475

Open
1 task done
boindil opened this issue Sep 24, 2024 · 6 comments
Open
1 task done

Incompatibility with own CA since helm chart version 25.6.0 #1475

boindil opened this issue Sep 24, 2024 · 6 comments

Comments

@boindil
Copy link

boindil commented Sep 24, 2024

Issue submitter TODO list

  • I've searched for an already existing issues here

Describe the bug (actual behavior)

Since sentry-v25.5.1...sentry-v25.6.0 (updating sentry to 24.7.1) own CAs are not working anymore.

Behavior:
getsentry/self-hosted#2950 (happening in web-container as well)

There is a workaround in that ticket, however this would have to be handled by the helm chart with additional initialization scripts.

Expected behavior

No errors

values.yaml

[...]
ingress:
  alb:
    httpRedirect: false
  enabled: true
  regexPathStyle: nginx
  ingressClassName: nginx
  hostname: sentry.hostname.intern
  tls:
    - hosts:
        - sentry.hostname.intern
      secretName: tls-hostname
system:
  adminEmail: admin@xxxx
  public: true
  url: https://sentry.hostname.intern
  secretKey: xxx
[...]

Helm chart version

since 25.6.0

Steps to reproduce

use internally signed CA certificate that is valid for domain

Screenshots

No response

Logs

No response

Additional context

No response
@patsevanton
Copy link
Contributor

I see it in your values.yaml code of ingress. Are you using a self-signed certificate for ingress?

@boindil
Copy link
Author

boindil commented Sep 25, 2024

As stated, we have our own internal CA with is used to issue certificates. Since sentry 24.7.1 it seems that there is the need to add the CA-bundle to these containers (as stated in the linked issue).

I did not find the possibility to do that in this helm chart.

@Mokto
Copy link
Contributor

Mokto commented Oct 26, 2024

This issue is stale because it has been open for 30 days with no activity.

@Mokto Mokto added the stale label Oct 26, 2024
@patsevanton
Copy link
Contributor

Need research

@Mokto Mokto removed the stale label Oct 27, 2024
@Mokto
Copy link
Contributor

Mokto commented Nov 26, 2024

This issue is stale because it has been open for 30 days with no activity.

@Mokto Mokto added the stale label Nov 26, 2024
@patsevanton
Copy link
Contributor

@boindil CA for sentry in container not used you certificate for ingress. This is different certificate.

@Mokto Mokto removed the stale label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@boindil @Mokto @patsevanton