Posted to commits@pulsar.apache.org by rx...@apache.org on 2020/12/12 08:34:42 UTC

[pulsar-helm-chart] branch master updated: Allows appending dnsNames to self-signed certs (#74)

This is an automated email from the ASF dual-hosted git repository.

rxl pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git


The following commit(s) were added to refs/heads/master by this push:
     new 6fbda80  Allows appending dnsNames to self-signed certs (#74)
6fbda80 is described below

commit 6fbda8052c1f16c9f41b472d3b0029be3b6ba1b6
Author: Peter Tinti <vo...@gmail.com>
AuthorDate: Sat Dec 12 00:34:35 2020 -0800

    Allows appending dnsNames to self-signed certs (#74)
    
    Co-authored-by: Sijie Guo <si...@apache.org>
    
    Fixes inability to validate self-signed certs from external clients
    
    ### Motivation
    
    Currently self-signed certificates can only be used inside of the same cluster as they are labeled with internal DNS names without the possibility of appending additional values. Some use-cases require the connection of external clients. This PR aims to allow users to add additional dnsNames (IP or domain) to the self-signed certificates.
    
    ### Modifications
    
    * Adds the ability to add `dnsNames` to self-signed certificates to any component like so:
    
    ```yaml
    tls:
      enabled: true
      proxy:
        enabled: true
        dnsNames:
          - test.example.com
    
    ```
    
    ### Verifying this change
    
    - [x] Make sure that the change passes the CI checks.
---
 charts/pulsar/templates/tls-certs-internal.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/charts/pulsar/templates/tls-certs-internal.yaml b/charts/pulsar/templates/tls-certs-internal.yaml
index 8e90da3..ee2ed36 100644
--- a/charts/pulsar/templates/tls-certs-internal.yaml
+++ b/charts/pulsar/templates/tls-certs-internal.yaml
@@ -47,6 +47,7 @@ spec:
   dnsNames:
     -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
     -  "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
+{{ toYaml .Values.tls.proxy.dnsNames | indent 4 }}
   # Issuer references are always required.
   issuerRef:
     name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
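Review bot: the added `{{ toYaml .Values.tls.proxy.dnsNames | indent 4 }}` line has no guard for the case where `tls.proxy.dnsNames` is not set. toYaml of an unset value renders `null`, which would land as a bare line after the two built-in entries and break the list for every install that does not use the new key. Wrapping the line in `{{- with .Values.tls.proxy.dnsNames }}` and `{{- end }}` keeps the rendered output unchanged when nothing is configured. The same applies to the other five components.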
@@ -84,6 +85,7 @@ spec:
     - client auth
   # At least one of a DNS Name, USI SAN, or IP address is required.
   dnsNames:
+{{ toYaml .Values.tls.broker.dnsNames | indent 4 }}
     -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
     -  "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
   # Issuer references are always required.
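Review bot: the broker line is inserted directly under `dnsNames:`, ahead of the built-in names, while the proxy hunk appends it after them. Pick one position for all six certificates, preferably after the built-in entries, so the in-cluster names stay first and the rendered Certificate specs are consistent across components.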
@@ -122,6 +124,7 @@ spec:
     - server auth
     - client auth
   dnsNames:
+{{ toYaml .Values.tls.bookkeeper.dnsNames | indent 4 }}
     -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
     -  "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
   # Issuer references are always required.
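Review bot: the commit message says the new values may be an IP or a domain, but everything supplied through `tls.bookkeeper.dnsNames` is rendered under `dnsNames:`. An IP address placed there becomes a DNS-type SAN, and clients that verify a connection to an IP literal look for an IP-type SAN, so validation can still fail. cert-manager's Certificate spec has a separate `ipAddresses` field for that; either add a matching value for it or document that only hostnames are supported.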
@@ -160,6 +163,7 @@ spec:
     - server auth
     - client auth
   dnsNames:
+{{ toYaml .Values.tls.autorecovery.dnsNames | indent 4 }}
     -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
     -  "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
   # Issuer references are always required.
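Review bot: the diffstat shows only tls-certs-internal.yaml changing, so `tls.autorecovery.dnsNames` and the five sibling keys are introduced without an entry in values.yaml. Add each key there with a short comment and an example value so the option is discoverable without reading the template.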
@@ -195,6 +199,7 @@ spec:
     - server auth
     - client auth
   dnsNames:
+{{ toYaml .Values.tls.toolset.dnsNames | indent 4 }}
     -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
     -  "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
   # Issuer references are always required.
@@ -230,6 +235,7 @@ spec:
     - server auth
     - client auth
   dnsNames:
+{{ toYaml .Values.tls.zookeeper.dnsNames | indent 4 }}
     -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
     -  "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
   # Issuer references are always required.
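Review bot: this adds user-supplied names to the zookeeper certificate, which per the context lines carries both `server auth` and `client auth` usages. The stated motivation is external clients, and those connect through the proxy or broker; is there a case for external SANs on the zookeeper, bookkeeper and autorecovery certificates? If not, limiting the option to the externally reachable components keeps the internal certificates scoped to in-cluster names.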