Re: [PR] Fix fully-qualified dns name [pulsar-helm-chart]

Mon, 18 May 2026 00:08:07 -0700 


lhotari commented on code in PR #686:
URL: https://github.com/apache/pulsar-helm-chart/pull/686#discussion_r3256938329


##########
charts/pulsar/templates/_certs.tpl:
##########
@@ -107,9 +107,9 @@ spec:
 {{ toYaml .tlsConfig.dnsNames | indent 4 }}
 {{- end }}
     {{- if or (eq .componentConfig.component "broker") (eq 
.componentConfig.component "zookeeper") }}
-    - {{ printf "*.%s-%s-headless.%s.svc.%s" (include "pulsar.fullname" .root) 
.componentConfig.component (include "pulsar.namespace" .root) 
.root.Values.clusterDomain | quote }}
+    - {{ printf "%s-%s-headless.%s.svc.%s" (include "pulsar.fullname" .root) 
.componentConfig.component (include "pulsar.namespace" .root) 
.root.Values.clusterDomain | quote }}
     {{- end }}
-    - {{ printf "*.%s-%s.%s.svc.%s" (include "pulsar.fullname" .root) 
.componentConfig.component (include "pulsar.namespace" .root) 
.root.Values.clusterDomain | quote }}
+    - {{ printf "%s-%s.%s.svc.%s" (include "pulsar.fullname" .root) 
.componentConfig.component (include "pulsar.namespace" .root) 
.root.Values.clusterDomain | quote }}

Review Comment:
   this change is fine



##########
charts/pulsar/templates/_certs.tpl:
##########
@@ -107,9 +107,9 @@ spec:
 {{ toYaml .tlsConfig.dnsNames | indent 4 }}
 {{- end }}
     {{- if or (eq .componentConfig.component "broker") (eq 
.componentConfig.component "zookeeper") }}
-    - {{ printf "*.%s-%s-headless.%s.svc.%s" (include "pulsar.fullname" .root) 
.componentConfig.component (include "pulsar.namespace" .root) 
.root.Values.clusterDomain | quote }}
+    - {{ printf "%s-%s-headless.%s.svc.%s" (include "pulsar.fullname" .root) 
.componentConfig.component (include "pulsar.namespace" .root) 
.root.Values.clusterDomain | quote }}

Review Comment:
   the wildcard name shouldn't be removed. We seem to be missing an integration 
test case where the problem would show up. Hostname verification is most likely 
disabled for ZK connections and proxy->broker connections when TLS is enabled.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to