This is an automated email from the ASF dual-hosted git repository.

sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git


The following commit(s) were added to refs/heads/master by this push:
     new d6d240a  Updates internal issuer cert to include duration and renew 
configs (#131)
d6d240a is described below

commit d6d240a123e82cd0437a1c914110553e4f99847a
Author: Peter Tinti <[email protected]>
AuthorDate: Thu Jun 24 00:00:17 2021 -0400

    Updates internal issuer cert to include duration and renew configs (#131)
    
    ### Motivation
    * While component certs can be configured with a custom duration, the CA 
cert for self-signed configuration uses default values. It can be convenient to 
have this certificate expire more than a month out.
    
    ### Modifications
    * Updates the internal issuer `{{ .Release.Name }}-ca-tls` certificate to 
make `duration` and `renewBefore` configurable. Does not use `common` so that 
the CA can be configured to last much longer than individual component certs 
if desired.
    
    ### Verifying this change
    - [x] Make sure that the change passes the CI checks.
---
 charts/pulsar/templates/tls-cert-internal-issuer.yaml | 2 ++
 charts/pulsar/values.yaml                             | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/charts/pulsar/templates/tls-cert-internal-issuer.yaml 
b/charts/pulsar/templates/tls-cert-internal-issuer.yaml
index 6a7d25d..60ac91a 100644
--- a/charts/pulsar/templates/tls-cert-internal-issuer.yaml
+++ b/charts/pulsar/templates/tls-cert-internal-issuer.yaml
@@ -36,6 +36,8 @@ metadata:
 spec:
   secretName: "{{ .Release.Name }}-ca-tls"
   commonName: "{{ template "pulsar.namespace" . }}.svc.{{ 
.Values.clusterDomain }}"
+  duration: "{{ .Values.certs.internal_issuer.duration }}"
+  renewBefore: "{{ .Values.certs.internal_issuer.renewBefore }}"
   usages:
     - server auth
     - client auth
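Review bot: The two added lines under `spec:` render `duration` and `renewBefore` unconditionally, so a values file that nulls out `certs.internal_issuer.duration` or `certs.internal_issuer.renewBefore` yields a quoted string that is not a valid duration in the Certificate for `{{ .Release.Name }}-ca-tls`. Consider guarding each line with `{{- if .Values.certs.internal_issuer.duration }}` (and the same for `renewBefore`), or using `required` so the problem surfaces at template time rather than when the resource is applied. Nothing in the hunk checks that `renewBefore` is shorter than `duration` either; a template-time `fail` or a note next to the values would cover that.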
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index dcaf283..1fdca0e 100644
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -260,6 +260,10 @@ certs:
     enabled: false
     component: internal-cert-issuer
     type: selfsigning
+    # 90d
+    duration: 2160h
+    # 15d
+    renewBefore: 360h
   issuers:
     selfsigning:
 
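Review bot: The comments on the new `duration` and `renewBefore` keys give only the day conversion (`# 90d`, `# 15d`) and do not say which certificate they control. The template applies them to the `{{ .Release.Name }}-ca-tls` CA certificate, so say that here and state that `renewBefore` must be shorter than `duration`, so operators do not mistake these for component cert settings. With these defaults the CA certificate comes up for renewal 75 days after issuance (2160h minus 360h), which is worth stating for anyone who distributes the CA to clients.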
