lhotari commented on issue #629:
URL:
https://github.com/apache/pulsar-helm-chart/issues/629#issuecomment-3290856966
including pulsar-diff.txt here as comment so that it's easier to comment on
it.
```patch
diff --git a/charts/pulsar/templates/_certs.tpl
b/charts/pulsar/templates/_certs.tpl
index 5aad491..2c683cb 100644
--- a/charts/pulsar/templates/_certs.tpl
+++ b/charts/pulsar/templates/_certs.tpl
@@ -67,6 +67,9 @@ Usage: {{- include "pulsar.cert.template" (dict "root" .
"componentConfig" .Valu
{{- if eq .root.Values.certs.internal_issuer.apiVersion
"cert-manager.io/v1beta1" -}}
{{- fail "cert-manager.io/v1beta1 is no longer supported. Please set
certs.internal_issuer.apiVersion to cert-manager.io/v1" -}}
{{- end -}}
+{{- if and .root.Values.certs.internal_issuer.enabled
.root.Values.certs.cluster_issuer.enabled -}}
+{{- fail "Please only enable one of internal_issuer or cluster_issuer" -}}
+{{- end -}}
apiVersion: "{{ .root.Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
@@ -106,10 +109,18 @@ spec:
- {{ printf "%s-%s" (include "pulsar.fullname" .root)
.componentConfig.component | quote }}
# Issuer references are always required.
issuerRef:
+{{- if .root.Values.certs.cluster_issuer.enabled }}
+ name: {{ .root.Values.certs.cluster_issuer.name | quote }}
+{{- else }}
name: "{{ template "pulsar.certs.issuers.ca.name" .root }}"
+{{- end }}
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
+{{- if .root.Values.certs.cluster_issuer.enabled }}
+ kind: ClusterIssuer
+{{- else }}
kind: Issuer
+{{- end }}
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 0c65860..c5be28a 100755
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -397,6 +397,11 @@ certs:
# The secret name of the CA certificate, it is mandatory to specify
this value if TLS is enabled
# and selfsigning is not used
secretName:
+ cluster_issuer:
+ # set this to true if you want to use a ClusterIssuer and not create
the Issuer
+ # ensure you dont set both to enabled (cluster_issuer and
internal_issuer)
+ enabled: false
:...skipping...
diff --git a/charts/pulsar/templates/_certs.tpl
b/charts/pulsar/templates/_certs.tpl
index 5aad491..2c683cb 100644
--- a/charts/pulsar/templates/_certs.tpl
+++ b/charts/pulsar/templates/_certs.tpl
@@ -67,6 +67,9 @@ Usage: {{- include "pulsar.cert.template" (dict "root" .
"componentConfig" .Valu
{{- if eq .root.Values.certs.internal_issuer.apiVersion
"cert-manager.io/v1beta1" -}}
{{- fail "cert-manager.io/v1beta1 is no longer supported. Please set
certs.internal_issuer.apiVersion to cert-manager.io/v1" -}}
{{- end -}}
+{{- if and .root.Values.certs.internal_issuer.enabled
.root.Values.certs.cluster_issuer.enabled -}}
+{{- fail "Please only enable one of internal_issuer or cluster_issuer" -}}
+{{- end -}}
apiVersion: "{{ .root.Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
@@ -106,10 +109,18 @@ spec:
- {{ printf "%s-%s" (include "pulsar.fullname" .root)
.componentConfig.component | quote }}
# Issuer references are always required.
issuerRef:
+{{- if .root.Values.certs.cluster_issuer.enabled }}
+ name: {{ .root.Values.certs.cluster_issuer.name | quote }}
+{{- else }}
name: "{{ template "pulsar.certs.issuers.ca.name" .root }}"
+{{- end }}
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
+{{- if .root.Values.certs.cluster_issuer.enabled }}
+ kind: ClusterIssuer
+{{- else }}
kind: Issuer
+{{- end }}
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 0c65860..c5be28a 100755
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -397,6 +397,11 @@ certs:
# The secret name of the CA certificate, it is mandatory to specify
this value if TLS is enabled
# and selfsigning is not used
secretName:
+ cluster_issuer:
+ # set this to true if you want to use a ClusterIssuer and not create
the Issuer
+ # ensure you dont set both to enabled (cluster_issuer and
internal_issuer)
+ enabled: false
+ name: cluster-issuer-name
######################################################################
# Below are settings for each component
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
