Skip to content

fix: encode GRAYLOG_HTTP_TLS_KEY_PASSWORD #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
monrax wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: encode GRAYLOG_HTTP_TLS_KEY_PASSWORD #76

monrax wants to merge 2 commits into from

Conversation

@monrax
Copy link
Collaborator

@monrax monrax commented Dec 26, 2025
edited
Loading

Summary

Small fix: encode TLS key password secret field

What changed

  • Apply b64enc to graylog.config.tls.keyPassword in secrets.yaml

Linked issues

This fixes #67

Checklist

  • Tests added/updated
  • Documentation updated
  • This PR includes a new feature
  • This PR includes a bugfix
  • This PR includes a refactor

Testing Checklist

Static Validation

  • Linter check passes: helm lint ./charts/graylog
  • Helm renders local template sucessfully: helm template graylog ./charts/graylog --validate

Installation

  • Fresh installation completes successfully: helm install graylog ./charts/graylog
  • All pods reach Running state: kubectl rollout status statefulset/graylog
  • Helm tests pass: helm test graylog

Functional (if applicable)

  • Web UI accessible and login works
  • DataNodes visible in System > Cluster Configuration
  • Inputs can be created and receive data

Upgrade (if applicable)

  • Upgrade from previous release succeeds
  • Scaling up/down works correctly
  • Configuration changes apply correctly

Specific to this PR

  • Verify the following process can be carried out without errors:

    1. Install normally
    helm install graylog ./charts/graylog -n graylog --create-namespace --set graylog.service.type=LoadBalancer
    1. Add my-graylog.local to your /etc/hosts
    2. Generate a new encrypted cert-key pair
    openssl req -newkey rsa:2048 -keyout tls.key -x509 -days 7 -out tls.crt \
  -subj "/CN=my-graylog.local" -addext "subjectAltName = DNS:*.graylog-svc.graylog.svc.cluster.local"
    1. Create a new secret
    kubectl create secret generic my-tls -n graylog --from-file=tls.key --from-file=tls.crt
    1. Perform upgrade
    helm upgrade graylog ./charts/graylog -n graylog --reuse-values \
  --set graylog.config.tls.enabled=true \
  --set graylog.config.tls.secretName=my-tls \
  --set graylog.config.tls.updateKeyStore=true \
  --set graylog.config.tls.keyPassword=hunter2

Notes for reviewers

  • Verify all tests above pass
  • Sync up with the author before merging
  • The commit history should be preserved - use rebase-merge or standard merge options when applicable

@monrax monrax requested review from alix-graylog and williamtrelawny and removed request for alix-graylog January 8, 2026 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@williamtrelawny williamtrelawny Awaiting requested review from williamtrelawny

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Native TLS key is not base64-encoded

2 participants

@monrax