apache/pulsar-helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates internal issuer cert to include duration and renew configs (#131)

Browse Source 
### Motivation
* While component certs can be configured with a custom duration the CA cert for self-signed configuration uses default values. It can be convenient to have this certificate expire more than a month out.

### Modifications
* Updates the internal issuer `{{ .Release.Name }}-ca-tls` certificate to make `duration` and `renewBefore` configurable. Does not use `common` so that the CA can be configured to last much longer than individual components certs if desired.

### Verifying this change
- [x] Make sure that the change passes the CI checks.
This commit is contained in:
Peter Tinti 2021-06-24 00:00:17 -04:00 committed by GitHub
parent 6d0db35216
commit d6d240a123
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/pulsar/templates/tls-cert-internal-issuer.yaml
View File

@ -36,6 +36,8 @@ metadata:
spec: spec:
secretName: "{{ .Release.Name }}-ca-tls" secretName: "{{ .Release.Name }}-ca-tls"
commonName: "{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}" commonName: "{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
duration: "{{ .Values.certs.internal_issuer.duration }}"
renewBefore: "{{ .Values.certs.internal_issuer.renewBefore }}"
usages: usages:
- server auth - server auth
- client auth - client auth

4
charts/pulsar/values.yaml
View File

@ -260,6 +260,10 @@ certs:
enabled: false enabled: false
component: internal-cert-issuer component: internal-cert-issuer
type: selfsigning type: selfsigning
# 90d
duration: 2160h
# 15d
renewBefore: 360h
issuers: issuers:
selfsigning: selfsigning: