Multitenancy Support for External Certs #1971
Merged
Objective:
To add multi-tenancy support for external certificates
Explanation:
Currently, we only support a single tenant in the operator-ca-tls secret. The manual renewal of the certificate for a single tenant is described in https://github.com/minio/operator/blob/master/docs/cert-manager.md#create-operator-ca-tls-secret. However, a challenge arises when attempting to automate this process for a multi-tenancy architecture. This pull request marks the beginning of a solution. We propose allowing the addition of multiple secrets/certificates, one per tenant. With this enhancement, when renewal is required, we can individually renew each certificate without the need to overwrite or append to a single secret. This approach avoids potential complications and makes debugging and implementation more straightforward. Furthermore, this change maintains backward compatibility, as it introduces a new logic that does not impact the current behavior, already utilized by many users.