feat(certs): use actual v1 spec for certs (#233)

Co-authored-by: Stepan Mazurov <smazurov@quantummetric.com>

### Motivation

In #204, the API version of the cert resources was updated to v1. This was insufficient because `v1` has a different spec from `v1alpha1`.

This MR finishes the work that #204 and @lhotari started.

### Modifications

Changed the spec of certs to match v1 cert manager spec.

### Verifying this change

- [ ] Make sure that the change passes the CI checks.
Stepan Mazurov 2022-10-18 14:40:43 -06:00 committed by GitHub
parent 8f1ca065b3
commit 1bcf255e12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 44 additions and 32 deletions


@ -31,15 +31,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}" secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
duration: "{{ .Values.tls.common.duration }}" duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}" renewBefore: "{{ .Values.tls.common.renewBefore }}"
organization: subject:
{{ toYaml .Values.tls.common.organization | indent 2 }} organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is # The use of the common name field has been deprecated since 2000 and is
# discouraged from being used. # discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
isCA: false isCA: false
keySize: {{ .Values.tls.common.keySize }} privateKey:
keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} size: {{ .Values.tls.common.keySize }}
keyEncoding: {{ .Values.tls.common.keyEncoding }} algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages: usages:
- server auth - server auth
- client auth - client auth
@ -73,15 +75,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}" secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
duration: "{{ .Values.tls.common.duration }}" duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}" renewBefore: "{{ .Values.tls.common.renewBefore }}"
organization: subject:
{{ toYaml .Values.tls.common.organization | indent 2 }} organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is # The use of the common name field has been deprecated since 2000 and is
# discouraged from being used. # discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
isCA: false isCA: false
keySize: {{ .Values.tls.common.keySize }} privateKey:
keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} size: {{ .Values.tls.common.keySize }}
keyEncoding: {{ .Values.tls.common.keyEncoding }} algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages: usages:
- server auth - server auth
- client auth - client auth
@ -115,15 +119,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}" secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}"
duration: "{{ .Values.tls.common.duration }}" duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}" renewBefore: "{{ .Values.tls.common.renewBefore }}"
organization: subject:
{{ toYaml .Values.tls.common.organization | indent 2 }} organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is # The use of the common name field has been deprecated since 2000 and is
# discouraged from being used. # discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
isCA: false isCA: false
keySize: {{ .Values.tls.common.keySize }} privateKey:
keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} size: {{ .Values.tls.common.keySize }}
keyEncoding: {{ .Values.tls.common.keyEncoding }} algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages: usages:
- server auth - server auth
- client auth - client auth
@ -156,15 +162,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}" secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}"
duration: "{{ .Values.tls.common.duration }}" duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}" renewBefore: "{{ .Values.tls.common.renewBefore }}"
organization: subject:
{{ toYaml .Values.tls.common.organization | indent 2 }} organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is # The use of the common name field has been deprecated since 2000 and is
# discouraged from being used. # discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
isCA: false isCA: false
keySize: {{ .Values.tls.common.keySize }} privateKey:
keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} size: {{ .Values.tls.common.keySize }}
keyEncoding: {{ .Values.tls.common.keyEncoding }} algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages: usages:
- server auth - server auth
- client auth - client auth
@ -194,15 +202,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}" secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}"
duration: "{{ .Values.tls.common.duration }}" duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}" renewBefore: "{{ .Values.tls.common.renewBefore }}"
organization: subject:
{{ toYaml .Values.tls.common.organization | indent 2 }} organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is # The use of the common name field has been deprecated since 2000 and is
# discouraged from being used. # discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
isCA: false isCA: false
keySize: {{ .Values.tls.common.keySize }} privateKey:
keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} size: {{ .Values.tls.common.keySize }}
keyEncoding: {{ .Values.tls.common.keyEncoding }} algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages: usages:
- server auth - server auth
- client auth - client auth
@ -232,15 +242,17 @@ spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}" secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}"
duration: "{{ .Values.tls.common.duration }}" duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}" renewBefore: "{{ .Values.tls.common.renewBefore }}"
organization: subject:
{{ toYaml .Values.tls.common.organization | indent 2 }} organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is # The use of the common name field has been deprecated since 2000 and is
# discouraged from being used. # discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
isCA: false isCA: false
keySize: {{ .Values.tls.common.keySize }} privateKey:
keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} size: {{ .Values.tls.common.keySize }}
keyEncoding: {{ .Values.tls.common.keyEncoding }} algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages: usages:
- server auth - server auth
- client auth - client auth
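Review bot: The new `privateKey:` block in each of the six Certificate specs (proxy, broker, bookie, autorecovery, toolset, zookeeper) sets `size`, `algorithm` and `encoding` but no `rotationPolicy`. On cert-manager releases where that field defaults to `Never`, each renewal driven by `duration` / `renewBefore` re-signs the same private key, so a key that was exposed once stays valid across renewals. Consider adding `rotationPolicy: Always` under `privateKey:`, or exposing it as a `tls.common` value, so that every renewal issues a fresh key. Each `spec:` block starts and ends outside the hunks shown here.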


@ -225,8 +225,8 @@ tls:
organization: organization:
- pulsar - pulsar
keySize: 4096 keySize: 4096
keyAlgorithm: rsa keyAlgorithm: RSA
keyEncoding: pkcs8 keyEncoding: PKCS8
# settings for generating certs for proxy # settings for generating certs for proxy
proxy: proxy:
enabled: false enabled: false
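Review bot: The new defaults `keyAlgorithm: RSA` and `keyEncoding: PKCS8` carry no comment saying that cert-manager v1 treats these as case-sensitive enum values. An existing override that still uses the old lowercase `rsa` / `pkcs8` will likely be rejected when the Certificate is applied, leaving that component without a renewed TLS secret. A comment above each key would document this, for example `# cert-manager v1 enum, case-sensitive (e.g. RSA, ECDSA)` and `# cert-manager v1 enum, case-sensitive: PKCS1 or PKCS8`. The `tls.common` mapping starts above this hunk.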