Re: [PR] feat(tls): support ca type issuer and v1alpha* version cert-manager api [pulsar-helm-chart]

Fri, 13 Dec 2024 06:51:55 -0800 


ericsyh commented on code in PR #561:
URL: https://github.com/apache/pulsar-helm-chart/pull/561#discussion_r1884052082


##########
charts/pulsar/templates/tls-certs-internal.yaml:
##########
@@ -32,27 +32,38 @@ spec:
   secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
   duration: "{{ .Values.tls.common.duration }}"
   renewBefore: "{{ .Values.tls.common.renewBefore }}"
+  {{- if eq .Values.certs.internal_issuer.apiVersion "cert-manager.io/v1" }}
   subject:
     organizations:
 {{ toYaml .Values.tls.common.organization | indent 4 }}
+  {{- else }}
+  organization:
+{{ toYaml .Values.tls.common.organization | indent 2 }}
+  {{- end }}
   # The use of the common name field has been deprecated since 2000 and is
   # discouraged from being used.
   commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component 
}}"
   isCA: false
+  {{- if eq .Values.certs.internal_issuer.apiVersion "cert-manager.io/v1" }}
   privateKey:
     size: {{ .Values.tls.common.keySize }}
     algorithm: {{ .Values.tls.common.keyAlgorithm }}
     encoding: {{ .Values.tls.common.keyEncoding }}
+  {{- else }}
+  keySize: {{ .Values.tls.common.keySize }}
+  keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
+  keyEncoding: {{ .Values.tls.common.keyEncoding }}
+  {{- end }}
   usages:
     - server auth
     - client auth
   # At least one of a DNS Name, USI SAN, or IP address is required.
   dnsNames:
-    -  "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ 
template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
-    -  "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"

Review Comment:
   Nope, it's not a breaking change cause i just move the position to make the 
format of [proxy certificate 
dnsNames](https://github.com/apache/pulsar-helm-chart/blob/master/charts/pulsar/templates/tls-certs-internal.yaml#L50)
 and [broker certificate 
dnsNames](https://github.com/apache/pulsar-helm-chart/blob/master/charts/pulsar/templates/tls-certs-internal.yaml#L95)
 to be consistent. It doesn't change the logic and technical this change is 
optional. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to