Posted to commits@pulsar.apache.org by rx...@apache.org on 2020/12/12 08:34:42 UTC
[pulsar-helm-chart] branch master updated: Allows appending dnsNames to self-signed certs (#74)
This is an automated email from the ASF dual-hosted git repository.
rxl pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 6fbda80 Allows appending dnsNames to self-signed certs (#74)
6fbda80 is described below
commit 6fbda8052c1f16c9f41b472d3b0029be3b6ba1b6
Author: Peter Tinti <vo...@gmail.com>
AuthorDate: Sat Dec 12 00:34:35 2020 -0800
Allows appending dnsNames to self-signed certs (#74)
Co-authored-by: Sijie Guo <si...@apache.org>
Fixes inability to validate self-signed certs from external clients
### Motivation
Currently, self-signed certificates can only be used inside of the same cluster as they are labeled with internal DNS names without the possibility of appending additional values. Some use-cases require the connection of external clients. This PR aims to allow users to add additional dnsNames (IP or domain) to the self-signed certificates.
### Modifications
* Adds the ability to add `dnsNames` to self-signed certificates to any component like so:
```yaml
tls:
  enabled: true
  proxy:
    enabled: true
    dnsNames:
      - test.example.com
```
### Verifying this change
- [x] Make sure that the change passes the CI checks.
---
charts/pulsar/templates/tls-certs-internal.yaml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/charts/pulsar/templates/tls-certs-internal.yaml b/charts/pulsar/templates/tls-certs-internal.yaml
index 8e90da3..ee2ed36 100644
--- a/charts/pulsar/templates/tls-certs-internal.yaml
+++ b/charts/pulsar/templates/tls-certs-internal.yaml
@@ -47,6 +47,7 @@ spec:
dnsNames:
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
+{{ toYaml .Values.tls.proxy.dnsNames | indent 4 }}
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
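Review bot: the added `{{ toYaml .Values.tls.proxy.dnsNames | indent 4 }}` line has no guard for a missing or empty value, and this commit changes only this template (1 file, 6 insertions), so no default for `tls.proxy.dnsNames` arrives with it. `toYaml` renders an unset key as `null` and an empty list as `[]`; either one lands as a bare value after the two built-in list items and the manifest no longer parses for anyone who does not set the new key. Wrap the line in `{{- with .Values.tls.proxy.dnsNames }}` and `{{- end }}` (piping `.` to `toYaml` inside) so nothing is emitted when the list is absent or empty.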
@@ -84,6 +85,7 @@ spec:
- client auth
# At least one of a DNS Name, USI SAN, or IP address is required.
dnsNames:
+{{ toYaml .Values.tls.broker.dnsNames | indent 4 }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
# Issuer references are always required.
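Review bot: placement is inconsistent with the proxy hunk: here the user-supplied entries are emitted directly under `dnsNames:`, ahead of the two built-in broker names, while for the proxy they follow the built-in names. The commit subject says "appending", so move this line below the `"{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"` entry, and do the same for the other components, so every certificate lists its names in the same order.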
@@ -122,6 +124,7 @@ spec:
- server auth
- client auth
dnsNames:
+{{ toYaml .Values.tls.bookkeeper.dnsNames | indent 4 }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
# Issuer references are always required.
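Review bot: the commit message promises "IP or domain", but the added line only ever writes into `dnsNames:`. An IP address stored as a DNS name is not what a client checks when it connects to an IP; it looks for an IP-address entry in the certificate, so the external-client case from the motivation would still fail verification for IP endpoints. Assuming these are cert-manager Certificate resources, as the `issuerRef` block suggests, either restrict the description and docs to host names or add a separate per-component value rendered into the Certificate's `ipAddresses` field.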
@@ -160,6 +163,7 @@ spec:
- server auth
- client auth
dnsNames:
+{{ toYaml .Values.tls.autorecovery.dnsNames | indent 4 }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
# Issuer references are always required.
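Review bot: `tls.autorecovery.dnsNames`, like the other five new keys, is undocumented in this change; the only usage hint is the proxy example in the commit message. Add commented-out entries to values.yaml for each component, and state there that every entry is passed through verbatim to a certificate signed by the chart's internal CA issuer, so a wildcard or an unrelated host name typed here becomes a name the certificate is valid for. The neighbouring usages in this hunk include both `server auth` and `client auth`, which makes that worth spelling out.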
@@ -195,6 +199,7 @@ spec:
- server auth
- client auth
dnsNames:
+{{ toYaml .Values.tls.toolset.dnsNames | indent 4 }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
# Issuer references are always required.
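Review bot: style point on the added `toYaml .Values.tls.toolset.dnsNames | indent 4` line: it is the fifth copy of the same expression, differing only in the component key, with the indent width hard-coded each time. A small named template that takes the component's tls values and emits the extra names would keep the indentation and any empty-value handling in one place, so a later fix does not have to be repeated six times and cannot drift between components.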
@@ -230,6 +235,7 @@ spec:
- server auth
- client auth
dnsNames:
+{{ toYaml .Values.tls.zookeeper.dnsNames | indent 4 }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
# Issuer references are always required.
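Review bot: nothing in this commit exercises the new line for zookeeper or any other component: the verification section lists only "passes the CI checks" and the change touches the template alone. Please add two rendering checks, one with `tls.zookeeper.dnsNames` left unset and one with a non-empty list, and confirm that the resulting Certificate parses and contains the extra names alongside the two built-in ones.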