Release 2024.2.2.0-b58: [BACKPORT_2024.2][PLAT-16580]Support for cert manager Custom issuer · yugabyte/charts

2024.2.2.0-b58
981e0b5
Compare

Choose a tag to compare

Loading

View all tags

2024.2.2.0-b58: [BACKPORT_2024.2][PLAT-16580]Support for cert manager Custom issuer

2024.2.2.0-b58
981e0b5
Compare

Choose a tag to compare

Loading

View all tags

Arpit-yb tagged this 10 Feb 15:49

Summary:
Starting 2025.1, YBDB helm chart will start supporting customIssuer types like AWS and GCP ones. Based on the value of useCustomIssuer, chart will either look at the newly added values (tls.certManager.customIssuer spec) or the pre-existing values.
Adding support for including commonName as well for the TLS certs created since some customIssuers still expect commonName to be present.

Setting the commonName value to the name of the service.
**Note** - I wasn’t able to set it to DNS since SSL cert limits the commonName to 64 chars and the k8s DNS can easily exceed this limit (even with a universe name that is just 10 chars long)

Test Plan:
  - Created a universe with useCustomIssuer set to true -> customIssuer spec is honoured over existing ClusterIssuer / Issuer spec
  - Create a universe with useCustomIssuer disabled
  - Created a universe with and without commonNameRequired
  - Created a universe on a build without my changes -> Upgrade to release with changes -> Ensured the certificate doesn’t renew automatically .

All above tests were with AWSPCAClusterIssuer and AWSPCAIssuer.

Reviewers: anijhawan, sneelakantan, vkumar

Reviewed By: vkumar

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D41805

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly