Deck sync/diff/dump ignoring --skip-ca-certificates flag deleting sni and certificates each time #914

Open
RobertBarachini opened this issue May 18, 2023 · 3 comments

Issue

When running any command which supports the --skip-ca-certificates flag, console output shows "deleting sni" and "deleting certificate", which deletes certificates from the running Kong instance. If running ACME in Let's Encrypt's prod mode, this quickly depletes the quota (if you need to sync frequently).

Desired outcome

When using the mentioned flag when syncing (or running other related commands), certificates and sni should not be touched (deleted or dumped to kong.yaml). I do not want to keep them stored in kong.yaml, so dumping them before syncing as a workaround is not an option.

System info

OS: Ubuntu Server 22.04.1 LTS
Deck version: decK v1.19.1 (0d80472)
Kong gateway (Docker): kong/kong-gateway:3.2.2.0
Postgres (Docker): postgres:13
kong.yaml _format_version: "3.0"

Reproduction

These are the steps (tried from scratch):

  1. "Docker run postgres" (from documentation)
  2. "Docker run kong/kong-gateway" (from documentation)
  3. Install decK
  4. Sync base kong.yaml (simple config with ACME plugin configured for the domain)
  5. Trigger certificate creation (using ACME plugin - basic example from documentation with "kong" as storage)
  6. Check validity of config and certificates by visiting my domain (with a service routed to mockbin.org)
  7. Make any arbitrary change to kong.yaml (example: add https under protocols for a dummy service)
  8. Run deck sync --skip-ca-certificates -s config/kong.yaml
  9. The connection to the domain is no longer secure as certificates have been deleted

Other (tested) flags seem to work fine; however, --skip-ca-certificates fails to work every single time. I've also inspected the test cases in this codebase, which seem to cover the flag; however, I have not had the time to build and debug the project from scratch.
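
A pre-sync guard for the behaviour reported above, as an added example that is not part of the original issue and is not decK's own code: it dry-runs with deck diff and refuses to sync when the plan contains the "deleting sni" or "deleting certificate" operations the reporter saw. The one-operation-per-line output layout and the DECK override variable are assumptions.

```shell
#!/bin/sh
# Added example (not decK's own code): gate `deck sync` on a `deck diff` dry run.
# From the issue: the "deleting sni" / "deleting certificate" messages, the
# --skip-ca-certificates flag and the -s option.
# Assumed: one operation per output line; DECK is a hypothetical override
# variable naming the binary to run.

ESC=$(printf '\033')

# Read planned operations on stdin; print those that delete a certificate or SNI.
cert_deletions() {
  # Strip ANSI colour codes, then match the operation at the start of a line.
  sed "s/${ESC}\[[0-9;]*m//g" |
    grep -Ei '^[[:space:]]*deleting (sni|certificate)([[:space:]]|$)' || true
}

# Dry-run first; sync only when no certificate or SNI deletion is planned.
# Returns 0 after a sync, 2 if the dry run failed, 3 if the sync was refused.
guarded_sync() {
  _state=${1:-config/kong.yaml}
  _plan=$("${DECK:-deck}" diff --skip-ca-certificates -s "$_state") || {
    echo "deck diff failed; not syncing" >&2
    return 2
  }
  _hits=$(printf '%s\n' "$_plan" | cert_deletions)
  if [ -n "$_hits" ]; then
    echo "refusing to sync, plan would delete TLS material:" >&2
    printf '%s\n' "$_hits" >&2
    return 3
  fi
  "${DECK:-deck}" sync --skip-ca-certificates -s "$_state"
}
```

Source the file and call guarded_sync config/kong.yaml in place of the bare deck sync from step 8; a return code of 3 means the certificates in the running Kong instance were left untouched.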

iamit commented Nov 6, 2023

Anything done with this issue? I have the same problem.

iamit commented Nov 6, 2023

I updated to the most recent deck version, 1.28.1, and changed the command to use --skip-ca-certificates=true, and it still keeps deleting the certificates.

RobertBarachini commented Nov 6, 2023

@iamit I'm working on a fix and currently run a locally compiled version which works with our deployment (when running deck sync), however it is not yet consistent with all workflows and I haven't had the time to test them all just yet.
