Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/10/18 20:40:49 UTC
[pulsar-helm-chart] branch master updated: feat(certs): use actual v1 spec for certs (#233)
This is an automated email from the ASF dual-hosted git repository.
mmarshall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 1bcf255 feat(certs): use actual v1 spec for certs (#233)
1bcf255 is described below
commit 1bcf255e121da6c0248eb12056095522aa1aa273
Author: Stepan Mazurov <sm...@gmail.com>
AuthorDate: Tue Oct 18 14:40:43 2022 -0600
feat(certs): use actual v1 spec for certs (#233)
Co-authored-by: Stepan Mazurov <sm...@quantummetric.com>
### Motivation
In #204, the API version of the cert resources was updated to v1. This was insufficient because `v1` has a different spec from `v1alpha1`.
This MR finishes the work that #204 and @lhotari started.
### Modifications
Changed the spec of certs to match v1 cert manager spec.
### Verifying this change
- [ ] Make sure that the change passes the CI checks.
---
charts/pulsar/templates/tls-certs-internal.yaml | 72 ++++++++++++++-----------
charts/pulsar/values.yaml | 4 +-
2 files changed, 44 insertions(+), 32 deletions(-)
diff --git a/charts/pulsar/templates/tls-certs-internal.yaml b/charts/pulsar/templates/tls-certs-internal.yaml
index a766b3d..1fc4aed 100644
--- a/charts/pulsar/templates/tls-certs-internal.yaml
+++ b/charts/pulsar/templates/tls-certs-internal.yaml
@@ -31,15 +31,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
- organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+ subject:
+ organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
isCA: false
- keySize: {{ .Values.tls.common.keySize }}
- keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
- keyEncoding: {{ .Values.tls.common.keyEncoding }}
+ privateKey:
+ size: {{ .Values.tls.common.keySize }}
+ algorithm: {{ .Values.tls.common.keyAlgorithm }}
+ encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
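Review bot: The new `privateKey:` block in this hunk, and the identical blocks in the broker, bookie, autorecovery, toolset and zookeeper hunks below, sets `size`, `algorithm` and `encoding` but no `rotationPolicy`. Whether a fresh key is generated at renewal is therefore left to the installed cert-manager's default, and on releases where that default is `Never` the same private key is reused across every renewal for the lifetime of the secret. Consider adding `rotationPolicy: Always` under `privateKey`, preferably driven by a value next to `keySize` in `tls.common` so operators can opt out. The Certificate spec starts above each hunk, so this applies only to the lines visible here.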
@@ -73,15 +75,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
- organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+ subject:
+ organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
isCA: false
- keySize: {{ .Values.tls.common.keySize }}
- keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
- keyEncoding: {{ .Values.tls.common.keyEncoding }}
+ privateKey:
+ size: {{ .Values.tls.common.keySize }}
+ algorithm: {{ .Values.tls.common.keyAlgorithm }}
+ encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
@@ -115,15 +119,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
- organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+ subject:
+ organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
isCA: false
- keySize: {{ .Values.tls.common.keySize }}
- keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
- keyEncoding: {{ .Values.tls.common.keyEncoding }}
+ privateKey:
+ size: {{ .Values.tls.common.keySize }}
+ algorithm: {{ .Values.tls.common.keyAlgorithm }}
+ encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
@@ -156,15 +162,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
- organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+ subject:
+ organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
isCA: false
- keySize: {{ .Values.tls.common.keySize }}
- keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
- keyEncoding: {{ .Values.tls.common.keyEncoding }}
+ privateKey:
+ size: {{ .Values.tls.common.keySize }}
+ algorithm: {{ .Values.tls.common.keyAlgorithm }}
+ encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
@@ -194,15 +202,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
- organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+ subject:
+ organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
isCA: false
- keySize: {{ .Values.tls.common.keySize }}
- keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
- keyEncoding: {{ .Values.tls.common.keyEncoding }}
+ privateKey:
+ size: {{ .Values.tls.common.keySize }}
+ algorithm: {{ .Values.tls.common.keyAlgorithm }}
+ encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
@@ -232,15 +242,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
- organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+ subject:
+ organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
isCA: false
- keySize: {{ .Values.tls.common.keySize }}
- keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
- keyEncoding: {{ .Values.tls.common.keyEncoding }}
+ privateKey:
+ size: {{ .Values.tls.common.keySize }}
+ algorithm: {{ .Values.tls.common.keyAlgorithm }}
+ encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 76b368d..a602edb 100644
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -225,8 +225,8 @@ tls:
organization:
- pulsar
keySize: 4096
- keyAlgorithm: rsa
- keyEncoding: pkcs8
+ keyAlgorithm: RSA
+ keyEncoding: PKCS8
# settings for generating certs for proxy
proxy:
enabled: false
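Review bot: Only the chart defaults are re-cased in this hunk, so a release whose own values file still sets the old lowercase `rsa` / `pkcs8` will have those strings rendered unchanged into `privateKey.algorithm` and `privateKey.encoding`. The cert-manager v1 spec appears to treat these as case-sensitive enum values, so such an override would likely be rejected on upgrade and leave the internal TLS certificates unissued. A comment above the two keys would make the requirement visible, for example `# cert-manager v1 values are case-sensitive: RSA / PKCS8, not rsa / pkcs8`, and the change is worth calling out in the upgrade notes. The `tls.common` mapping begins above the hunk.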