This is on topic for this thread because OP's problem is the same: home user needs SSL and bought into the sales pitch that TrueCharts/Traefik offers that, when in reality what they need is impossible.
Which is not true: Every bought domain can be linked to either route53 and cloudflare to make use of Letsencrypt using DNS01 ACME.
Besides there, there is the command line script by
@danb35 that allows more custom certificate providers.
This initial premise you keep repeating "Its impossible", is simply not true.
It's only impossible because you keep adding additional limitations into the mix.
If it's fine for home users, then why not offer it for those folks? I did implement it, it's literally a dozen lines. Feel free to make it non-default with a warning that it's for home use only.
Because we have determined that it did not give the stability we aim for and there are multiple other solutions in the market (either using SCALE Certificates or the go-to solution CertManager) that do give the correct solution, stability and user experience.
We have limited GUI space available and limited manpower to support these features.
You always have been free to submit a PR and somehow offer yourself up to respond on any support requests that come from this addition. because we do not want to offer support for this feature. You severely underestimate how much effort goes into testing and support.
We simply are conservative in making needless additions into our core framework. As we feel that those Apps deserve a higher stability than the rest.
If Traefik quality is the problem you can offer Caddy as an ingress controller as well.
https://github.com/caddyserver/ingress
No reason both can't be supported.
One big reason: We're not a big company with vast resources.
If you want it: PR it and please also describe in the PR, how you expect to support it the next 2 years as well. (as Caddy-Ingress is kinda niche, we don't have staff running this)
Also I don't understand why you keep bringing up Cert Manager when you explicitly removed it.
https://github.com/truecharts/charts/issues/189
That's literally the only information about TrueCharts and Cert Manager that I can find. This "you're doing it wrong, but we won't point you in the right direction" isn't helpful.
Because our Helm Charts still work with it. Just like our Traefik deployment does.
We just don't have the manpower to also port CertManager to SCALE.
You seem to misunderstand our project a bit:
We build Helm Charts and also port most of those to TrueNAS SCALE Apps, albeit with a limited feature set.
We've pointed you into multiple right directions, as did
@danb35.
His script, just using the two DNS providers (which support nearly all domain names Letsencrypt support) or building yourself something using CertManager.
We did however, confirm that we should expose secret names for certificates in the SCALE GUI, as we feel that is a valid request.
See: We do read into your wishes, but we're also not going to spend developement hours to completely add your niche setup into our project.
As for home/small org, here's some free Product advice. Easy SSL is far important than all the reasons against offering it I've read so far (breaks with HA, don't want to mount a volume (seriously??), upstream only supports it for home).
The Go-To solution for home users is using SCALE Certificates with Letsencrypt through DNS with Cloudflare or Route53. Both are freely available for any domain and natively integrated into the system. Your idea is the "hard way" of doing things on SCALE, which is not great advice for home users.
Our reasons are valid, because your request "easy ssl" is already offered by using SCALE certificates with letsencrypt. The feature simply already exists. We do not want to add an alternative we need to maintain ourselves, which HAS downsides, when there is a better alternative for homeusers already available.
Going from stateless setups to mounting persistence is a HUGE change, if you don't understand that... You shouldn't start arguing with kubernetes developers really.
True. But you've also stated that you make decisions on what to expose to your users. Heck this entire thread is about that very thing. The upstream has a feature, and you think your users shouldn't use it. You're entitled to that opinion, but as a user I'd rather not be subject to your very strong opinions when it goes against my needs.
Changes about TrueCharts are made within our own community, not this forums. We're simply here to explain our choices, but our choices are not actually going to change based on threads like these. That might seem like we have "strong opinions", but it's just that we aren't here to take any requests at all. Just to explain things.
If you want things to change, the best way is to file PR's and/or discuss thing with our staff and devs (available on discord, primarily).
There are a lot of "if's" when you add features:
For example: Who is going to provide support?
But also: If we add this, it does not mean it also makes it through to the SCALE GUI, the SCALE GUI we offer is not intended to include each and every feature (as it would become incredibly bloaty with a few hunderd features included)
More free Product advice: Make a case for why a TrueCharts app is better than the alternatives. "We're not any worse" isn't a selling point.
As far as I can see, these are the general TrueCharts benefits:
- Someone got this to work on TrueNAS, so it's a form of config validation
- Ingress setup for people who find this important.
- VPN setup for any app.
- Charts can expose ports below 9000
- A nice icon in the apps menu.
How about some apps take hunderds of hours to build? With carefully constructed database connections included and such?
Some Helm charts are super easy to build, but a lot are definately not.
you just have played with things that are relatively easy to deploy on SCALE yourself, but you can take our word for it that a lot of Apps take an incredible time to build. With some running 3 or more different containers.
You said plain Helm charts are not officially supported:
Is it possible to install a helm chart directly via the command line on TrueNAS Scale? Any tutorials on how to do that? Also curious, will a manually installed helm chart show up in the GUI like other apps? Thanks, Harry
www.truenas.com
I think you don't understand what TrueCharts is....
We are a project that primarily build Helm Charts and offer a limited subset(!) of the features as SCALE Apps as well.
Our advice, at this stage, is always to use native helm if you want thorough customisation options.
We're very vocal that we think SCALE should include custom YAML inclusion options to expose more of the power of Helm on SCALE as well and we also have a Jira ticket open about that.
However, when the TrueCharts solution is "use native helm", that's what we can offer for your. It's within the scope of our project to offer Helm Charts.
Please remember: We're a seperate project and don't only work on SCALE related things. A LOT of our features are not available inside the SCALE GUI yet.
We're always open for feedback, but we are here just to explain ourselves and point people in the right direction. If you want to discuss things with our developers and users byond getting an explaination from us, you really have to reach out to our community directly.
In short:
Our current policy is that we do not want this feature and no one has submitted a PR for this to our project (and a proposal how support on this is going to be handled) to review either. If you want to discuss this policy, please reach out to our community directly.
We're going to leave it at this, as we feel we've explained everything there is to explain by now. What you want is a policy change, for which this is not the place.