Skip to content

feat: support trusted CA certificates in RestateCluster#111

Merged
lukebond merged 1 commit intomainfrom
feat/trusted-ca-certs
Mar 27, 2026
Merged

feat: support trusted CA certificates in RestateCluster#111
lukebond merged 1 commit intomainfrom
feat/trusted-ca-certs

Conversation

@lukebond
Copy link
Copy Markdown
Contributor

@lukebond lukebond commented Mar 26, 2026

closes #110

  • add trustedCaCerts field to spec.security referencing Secrets containing PEM-encoded CA certs
  • add init container that concatenates system CA bundle with custom certs into a single file
  • set SSL_CERT_FILE on the restate container to point to the combined bundle
  • use the canary image (not the restate image) for the init container
  • hash secret references as a pod annotation to trigger rollout on config change
  • update CRD, pkl schema, README, and release notes

@lukebond
feat: support trusted CA certificates in RestateCluster
836b356 
- add `trustedCaCerts` field to `spec.security` referencing Secrets containing PEM-encoded CA certs
- add init container that concatenates system CA bundle with custom certs into a single file
- set `SSL_CERT_FILE` on the restate container to point to the combined bundle
- use the canary image (not the restate image) for the init container
- hash secret references as a pod annotation to trigger rollout on config change
- update CRD, pkl schema, README, and release notes
tillrohrmann
tillrohrmann approved these changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tillrohrmann tillrohrmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @lukebond :-) LGTM. +1 for merging.

pcholakov
pcholakov approved these changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@pcholakov pcholakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@lukebond lukebond merged commit c133a22 into main Mar 27, 2026
2 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Mar 27, 2026
@lukebond lukebond deleted the feat/trusted-ca-certs branch March 27, 2026 09:11
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@pcholakov pcholakov pcholakov approved these changes

@tillrohrmann tillrohrmann tillrohrmann approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

support user-provided root certs to be added to restate's trust

3 participants

@lukebond @pcholakov @tillrohrmann