feat(certs): use actual v1 spec for certs (#233)

Co-authored-by: Stepan Mazurov <smazurov@quantummetric.com> ### Motivation In #204, api version of the cert resources was updated to v1. This was insufficient because `v1` has different spec from `v1alpha1` This MR finishes the work that #204 and @lhotari started. ### Modifications Changed the spec of certs to match v1 cert manager spec. ### Verifying this change - [ ] Make sure that the change passes the CI checks.
2022-10-18 14:40:43 -06:00 · 2022-10-18 14:40:43 -06:00 · 1bcf255e12
commit 1bcf255e12
parent 8f1ca065b3
2 changed files with 44 additions and 32 deletions
--- a/charts/pulsar/templates/tls-certs-internal.yaml
+++ b/charts/pulsar/templates/tls-certs-internal.yaml
@ -31,15 +31,17 @@ spec:
  secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
  duration: "{{ .Values.tls.common.duration }}"
  renewBefore: "{{ .Values.tls.common.renewBefore }}"
-  organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+  subject:
+    organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
  isCA: false
-  keySize: {{ .Values.tls.common.keySize }}
-  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
-  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  privateKey:
+    size: {{ .Values.tls.common.keySize }}
+    algorithm: {{ .Values.tls.common.keyAlgorithm }}
+    encoding: {{ .Values.tls.common.keyEncoding }}
  usages:
    - server auth
    - client auth
@ -73,15 +75,17 @@ spec:
  secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
  duration: "{{ .Values.tls.common.duration }}"
  renewBefore: "{{ .Values.tls.common.renewBefore }}"
-  organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+  subject:
+    organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
  isCA: false
-  keySize: {{ .Values.tls.common.keySize }}
-  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
-  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  privateKey:
+    size: {{ .Values.tls.common.keySize }}
+    algorithm: {{ .Values.tls.common.keyAlgorithm }}
+    encoding: {{ .Values.tls.common.keyEncoding }}
  usages:
    - server auth
    - client auth
@ -115,15 +119,17 @@ spec:
  secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}"
  duration: "{{ .Values.tls.common.duration }}"
  renewBefore: "{{ .Values.tls.common.renewBefore }}"
-  organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+  subject:
+    organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
  isCA: false
-  keySize: {{ .Values.tls.common.keySize }}
-  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
-  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  privateKey:
+    size: {{ .Values.tls.common.keySize }}
+    algorithm: {{ .Values.tls.common.keyAlgorithm }}
+    encoding: {{ .Values.tls.common.keyEncoding }}
  usages:
    - server auth
    - client auth
@ -156,15 +162,17 @@ spec:
  secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}"
  duration: "{{ .Values.tls.common.duration }}"
  renewBefore: "{{ .Values.tls.common.renewBefore }}"
-  organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+  subject:
+    organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
  isCA: false
-  keySize: {{ .Values.tls.common.keySize }}
-  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
-  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  privateKey:
+    size: {{ .Values.tls.common.keySize }}
+    algorithm: {{ .Values.tls.common.keyAlgorithm }}
+    encoding: {{ .Values.tls.common.keyEncoding }}
  usages:
    - server auth
    - client auth
@ -194,15 +202,17 @@ spec:
  secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}"
  duration: "{{ .Values.tls.common.duration }}"
  renewBefore: "{{ .Values.tls.common.renewBefore }}"
-  organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+  subject:
+    organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
  isCA: false
-  keySize: {{ .Values.tls.common.keySize }}
-  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
-  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  privateKey:
+    size: {{ .Values.tls.common.keySize }}
+    algorithm: {{ .Values.tls.common.keyAlgorithm }}
+    encoding: {{ .Values.tls.common.keyEncoding }}
  usages:
    - server auth
    - client auth
@ -232,15 +242,17 @@ spec:
  secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}"
  duration: "{{ .Values.tls.common.duration }}"
  renewBefore: "{{ .Values.tls.common.renewBefore }}"
-  organization:
-{{ toYaml .Values.tls.common.organization | indent 2 }}
+  subject:
+    organizations:
+{{ toYaml .Values.tls.common.organization | indent 4 }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
  isCA: false
-  keySize: {{ .Values.tls.common.keySize }}
-  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
-  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  privateKey:
+    size: {{ .Values.tls.common.keySize }}
+    algorithm: {{ .Values.tls.common.keyAlgorithm }}
+    encoding: {{ .Values.tls.common.keyEncoding }}
  usages:
    - server auth
    - client auth
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@ -225,8 +225,8 @@ tls:
    organization:
      - pulsar
    keySize: 4096
-    keyAlgorithm: rsa
-    keyEncoding: pkcs8
+    keyAlgorithm: RSA
+    keyEncoding: PKCS8
  # settings for generating certs for proxy
  proxy:
    enabled: false