Description of the change
We currently create a certificate for you like this:
https://github.com/jessebot/coturn-chart/blob/3e770404a9482b4381e9296951a1a4164173fa18/charts/coturn/values.yaml#L43-L46
That's left over from the chart we forked. We don't even use that value in the two service templates we have 🤦 We should change that to tls.enabled and allow for a tls.existingSecret. When tls.enabled is true, we should maybe not allow any unencrypted traffic, so we should not create the unencrypted ports in the services here and here:
https://github.com/jessebot/coturn-chart/blob/3e770404a9482b4381e9296951a1a4164173fa18/charts/coturn/templates/service-tcp.yaml#L14-L20
https://github.com/jessebot/coturn-chart/blob/3e770404a9482b4381e9296951a1a4164173fa18/charts/coturn/templates/service-udp.yaml#L14-L20
Likewise if tls.enabled is false we should not create the tls ports and instead only create the ports above.
Benefits
This allows you to be completely secure... or not, without the weird in between, as right now, we create both tls and non-tls ports for both UDP/TCP services.
Possible drawbacks and Additional Comments
I suppose it might make sense to allow for both to be configured? Maybe we also need coturn.ports.tls.enabled and coturn.ports.insecure.enabled? 🤔 Open to better names for the values there.
Do we even need two services btw? Can we just have one? 🤷
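A sketch of the proposed toggle, added here as an illustration and not taken from the issue or from the chart's templates. The keys tls.enabled and tls.existingSecret come from the proposal above; the port names, the selector labels, and the use of coturn's default ports (3478 plaintext, 5349 TLS) are assumptions.

```yaml
# values.yaml (keys proposed in the issue; the defaults shown are assumptions)
tls:
  enabled: true
  # Name of an existing kubernetes.io/tls Secret to mount into the coturn pod.
  existingSecret: ""

---
# templates/service-tcp.yaml (hypothetical sketch, not the chart's current file)
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-coturn-tcp
spec:
  selector:
    # Assumed label; use whatever the chart's Deployment actually sets.
    app.kubernetes.io/instance: {{ .Release.Name }}
  ports:
  {{- if .Values.tls.enabled }}
    # TLS on: expose only the TLS listener, never the plaintext one.
    - name: turn-tls-tcp
      port: 5349
      targetPort: 5349
      protocol: TCP
  {{- else }}
    # TLS off: expose only the plaintext listener.
    - name: turn-tcp
      port: 3478
      targetPort: 3478
      protocol: TCP
  {{- end }}
# The UDP service would follow the same if/else with protocol: UDP.
```

Leaving a port out of the Service does not stop coturn from listening on it inside the pod, and pods remain reachable by pod IP from within the cluster. For the TLS-only case, the plaintext listeners also need to be turned off in the coturn configuration (its no-udp and no-tcp options) for the toggle to be all-or-nothing.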