Add Keyless SSL "Run with Docker" page + container debug logging note #31852

Open
baubuchon-cf wants to merge 6 commits into production from keyless-docker-page


@baubuchon-cf

Collaborator

What this changes

Adds container/Docker documentation for the Keyless SSL key server (gokeyless), addressing gaps reported by an enterprise customer (T257).

  • New page — Run with Docker (configuration/run-with-docker.mdx): pulling the ghcr.io/cloudflare/gokeyless image, a full KEYLESS_* environment-variable reference, how to configure private keys (config block / --private-key-dirs — not an env var), a runnable docker run example, and serving multiple private keys.
  • Troubleshooting — Enable debug logging: adds a container variant. The existing sudo -u keyless gokeyless --loglevel 0 command assumes a host/systemd install and does not apply in a container (gokeyless is PID 1); documents setting KEYLESS_LOGLEVEL at startup and reading logs via docker logs / kubectl logs.

All environment-variable names, defaults, ports (2407/2406), precedence (flag > env > config), and the private-key mechanism were verified against gokeyless master source (cmd/gokeyless/gokeyless.go).

Documentation checklist

  • The change adheres to the documentation style guide.
  • Changelog entry (n/a — clarifying existing product docs)
  • Redirects (n/a — new page, no moves)

New Keyless SSL Docker page: env-var reference, private-key config, and a runnable example. Verified against gokeyless master source.
@baubuchon-cf baubuchon-cf requested review from a team and elithrar as code owners July 2, 2026 14:17
@cloudflare-docs-bot

cloudflare-docs-bot Bot commented Jul 2, 2026

Contributor

Review

⚠️ 1 warning found in commit 99beaed.

Code Review

This code review is in beta and may not always be helpful — use your judgment.

No code review issues found.

Conventions

Checks PR title, description, and redirect checklist.

No convention issues found.

Style Guide Review

Warnings (1)
| File | Issue |
| --- | --- |
| ssl/keyless-ssl/troubleshooting.mdx line 32 | Avoid directional words — Added line uses "command above". Fix: Replace "the host/systemd command above" with a direct reference, e.g., "the host/systemd gokeyless command" |

Redirects

No missing redirect entries found.

Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

| Command | Description |
| --- | --- |
| /review | Runs a review now. Incremental if a prior review exists, full if not. |
| /full-review | Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist. |
| /ignore-review-limit | Permanently lifts the 2-review automatic limit for this PR. Future pushes will trigger reviews as normal. |
| /disable-auto-review | Stops automatic reviews from triggering on future pushes to this PR. Codeowners can still run /review or /full-review manually. |

@github-actions github-actions Bot added the product:ssl Related to SSL label Jul 2, 2026
@github-actions github-actions Bot added the size/s label Jul 2, 2026
@github-actions

github-actions Bot commented Jul 2, 2026

Contributor

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

| Pattern | Owners |
| --- | --- |
| /src/content/docs/ssl/ | @baubuchon-cf, @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners |

@ask-bonk ask-bonk Bot left a comment

Contributor

3 style guide items to address before merge.

Comment thread src/content/docs/ssl/keyless-ssl/configuration/run-with-docker.mdx Outdated
Comment thread src/content/docs/ssl/keyless-ssl/configuration/run-with-docker.mdx Outdated
Comment thread src/content/docs/ssl/keyless-ssl/troubleshooting.mdx Outdated
@ask-bonk ask-bonk Bot added documentation Documentation edits content:new Request for new/missing content triage Waiting for a docs team review. labels Jul 2, 2026
@ask-bonk

ask-bonk Bot commented Jul 2, 2026

Contributor

Posted a review with 3 inline suggestions on PR #31852 and applied labels: documentation, product:ssl, content:new, triage.

Verdict: No blockers — the content is technically accurate and the new page fills a real gap. Three minor style-guide items need fixing.

Issues to address:

  • LOW run-with-docker.mdx:70: Heading uses a gerund ("Serving multiple private keys"). Style guide requires imperative mood for section headings: "Serve multiple private keys".
  • LOW run-with-docker.mdx:47-50: Bullet list has only 2 items. Style guide says do not use bullets for fewer than three items; rewrite as a sentence.
  • LOW troubleshooting.mdx:39: Placeholders <container> and <pod> should follow the ALL_CAPS_UNDERSCORES convention: <CONTAINER> and <POD>.

Out-of-scope note: The troubleshooting page contains a pre-existing bash output code block (lines 68–87) that ideally should use txt output, but that is outside this PR's diff.

baubuchon-cf and others added 4 commits July 2, 2026 13:08
….mdx

Co-authored-by: ask-bonk[bot] <249159057+ask-bonk[bot]@users.noreply.github.com>
….mdx

Co-authored-by: ask-bonk[bot] <249159057+ask-bonk[bot]@users.noreply.github.com>
Co-authored-by: ask-bonk[bot] <249159057+ask-bonk[bot]@users.noreply.github.com>
@baubuchon-cf

Collaborator Author

@elithrar - when you have a moment, could you review for CODEOWNER approval? New "Run with Docker" page + a container debug-logging note in Troubleshooting. All bot checks green; every claim verified against gokeyless master (code-verified, not runtime-tested). Small and self-contained. Thanks!
