jonathanhartley opened a new issue, #629: URL: https://github.com/apache/pulsar-helm-chart/issues/629
In our environments we use a ClusterIssuer for all "in cluster" generated certs This allows clients to verify those certs as we supply a configMap of the CA cert (not key) in all namespaces The issue with this helm chart is that it generates its own "CA" by requesting a cert/key from out ClusterIssuer and then uses that to generate and "Issuer" namespace scoped to then generate all component certs from So unless clients have access to the "CA" to insert into their chain they cannot verify the certs The fix would be to allow ALL component certs to use the configured ClusterIssuer This would mean it does not have to rotate its CA every 90 days and it cuts out extra components (the Issuer) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
