Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Add config validation for Citadel deployment. #13383
Describe the feature request
To avoid such kind of issue, we could enhance our config validation at Galley to guarantee that
It is also recommended to deploy one Citadel per cluster, as Citadel is not running in a critical path. Unless there are special needs, one Citadel is sufficient to provision certificates for all workloads.
referenced this issue
Apr 16, 2019
Regarding to "enhance our config validation at Galley to guarantee that (1) Only one Citadel will be deployed in a cluster; and (2) If multiple Citadels are deployed, command flags --read-signing-cert-only and --server-only are properly set.", currently Galley only validates CRD and doesn't do validation at the deployment level.