djayan07 opened a new issue #252:
URL: https://github.com/apache/pulsar-helm-chart/issues/252


   **installation problem with kubernetes 1.22.5 and cert-manager 1.5**
   
   ```
   Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(Certificate.spec): unknown field "keyAlgorithm" in io.cert-manager.v1.Certificate.spec, ValidationError(Certificate.spec): unknown field "keyEncoding" in io.cert-manager.v1.Certificate.spec, ValidationError(Certificate.spec): unknown field "keySize" in io.cert-manager.v1.Certificate.spec, ValidationError(Certificate.spec): unknown field "organization" in io.cert-manager.v1.Certificate.spec]
   ```
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. create a cluster with kubernetes version higher than 1.21
   2. install cert manager
   3. enable the tls section in values
   ```yaml
   ## TLS
   ## templates/tls-certs.yaml
   ##
   ## The chart is using cert-manager for provisioning TLS certs for
   ## brokers and proxies.
   tls:
     enabled: true
     ca_suffix: ca-tls
     # common settings for generating certs
     common:
       # 90d
       duration: 2160h
       # 15d
       renewBefore: 360h
       organization:
         - pulsar
       keySize: 4096
       keyAlgorithm: rsa
       keyEncoding: pkcs8
   ```
   4. install pulsar
   
   **to fix**
   
   Modify template `tls-certs-internal.yaml`
   
   change all `organization` sections
   ```yaml
     organization:
   {{ toYaml .Values.tls.common.organization | indent 2 }}
   ```
   to 
   ```yaml
     subject: 
       organizations: {{ .Values.tls.common.organization }}
   ```
   
   change all keySize, keyAlgorithm and keyEncoding
   ```yaml
     keySize: {{ .Values.tls.common.keySize }}
     keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }}
     keyEncoding: {{ .Values.tls.common.keyEncoding }}
   ```
   to 
   
   ```yaml
     privateKey:
       size: {{ .Values.tls.common.keySize }}
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
   ```
   
   fully edited template
   ```yaml
     secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
     duration: "{{ .Values.tls.common.duration }}"
     renewBefore: "{{ .Values.tls.common.renewBefore }}"
     subject: 
       organizations: {{ .Values.tls.common.organization }}
     # The use of the common name field has been deprecated since 2000 and is
     # discouraged from being used.
     commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
     isCA: false
   
     privateKey:
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
       size: {{ .Values.tls.common.keySize }}
     usages:
       - server auth
       - client auth
     secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
     duration: "{{ .Values.tls.common.duration }}"
     renewBefore: "{{ .Values.tls.common.renewBefore }}"
     subject: 
       organizations: {{ .Values.tls.common.organization }}
     # The use of the common name field has been deprecated since 2000 and is
     # discouraged from being used.
     commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
     isCA: false
     privateKey:
       size: {{ .Values.tls.common.keySize }}
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
     usages:
       - server auth
       - client auth
     secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}"
     duration: "{{ .Values.tls.common.duration }}"
     renewBefore: "{{ .Values.tls.common.renewBefore }}"
     subject: 
       organizations: {{ .Values.tls.common.organization }}
     # The use of the common name field has been deprecated since 2000 and is
     # discouraged from being used.
     commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
     isCA: false
     privateKey:
       size: {{ .Values.tls.common.keySize }}
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
     usages:
       - server auth
       - client auth
     secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}"
     duration: "{{ .Values.tls.common.duration }}"
     renewBefore: "{{ .Values.tls.common.renewBefore }}"
     subject: 
       organizations: {{ .Values.tls.common.organization }}
     # The use of the common name field has been deprecated since 2000 and is
     # discouraged from being used.
     commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
     isCA: false
     privateKey:
       size: {{ .Values.tls.common.keySize }}
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
     usages:
       - server auth
       - client auth
     secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}"
     duration: "{{ .Values.tls.common.duration }}"
     renewBefore: "{{ .Values.tls.common.renewBefore }}"
     subject: 
       organizations: {{ .Values.tls.common.organization }}
     # The use of the common name field has been deprecated since 2000 and is
     # discouraged from being used.
     commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
     isCA: false
     privateKey:
       size: {{ .Values.tls.common.keySize }}
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
     usages:
       - server auth
       - client auth
     secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}"
     duration: "{{ .Values.tls.common.duration }}"
     renewBefore: "{{ .Values.tls.common.renewBefore }}"
     subject: 
       organizations: {{ .Values.tls.common.organization }}
     # The use of the common name field has been deprecated since 2000 and is
     # discouraged from being used.
     commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
     isCA: false
     privateKey:
       size: {{ .Values.tls.common.keySize }}
       algorithm: {{ .Values.tls.common.keyAlgorithm }}
       encoding: {{ .Values.tls.common.keyEncoding }}
     usages:
       - server auth
       - client auth
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
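
The field moves described in this issue, as an added Python example that is not part of the original report or of the chart: it lists the legacy fields a `cert-manager.io/v1` Certificate rejects and relocates them under `privateKey` and `subject`. The function names and the sample spec are hypothetical, and the upper-case enum spellings (`RSA`, `PKCS8`) are an assumption taken from the cert-manager v1 API that should be confirmed against the CRD installed in the cluster.

```python
import copy

# Legacy top-level field -> key under spec.privateKey in cert-manager.io/v1.
PRIVATE_KEY_FIELDS = {"keySize": "size", "keyAlgorithm": "algorithm", "keyEncoding": "encoding"}
# Assumed v1 enum spellings (upper case); verify against the installed CRD.
V1_ENUMS = {"algorithm": ("RSA", "ECDSA", "Ed25519"), "encoding": ("PKCS1", "PKCS8")}

# Constructed sample: a Certificate spec using the issue's `tls.common` values.
LEGACY_SPEC = {
    "secretName": "example-tls-proxy",
    "duration": "2160h",
    "renewBefore": "360h",
    "organization": ["pulsar"],
    "keySize": 4096, "keyAlgorithm": "rsa", "keyEncoding": "pkcs8",
    "isCA": False,
}


def legacy_fields(spec):
    """Return the top-level fields that the v1 schema reports as unknown."""
    return sorted(f for f in (*PRIVATE_KEY_FIELDS, "organization") if f in spec)


def migrate_spec(spec):
    """Return a copy of spec with the legacy fields moved to their v1 locations."""
    out = copy.deepcopy(spec)
    private_key = out.setdefault("privateKey", {})
    for old, new in PRIVATE_KEY_FIELDS.items():
        if old not in out:
            continue
        value = out.pop(old)
        if new in V1_ENUMS:
            allowed = {v.lower(): v for v in V1_ENUMS[new]}
            if str(value).lower() not in allowed:
                raise ValueError(f"{old}={value!r} has no v1 equivalent")
            value = allowed[str(value).lower()]  # e.g. "rsa" -> "RSA"
        private_key[new] = value
    if not private_key:
        del out["privateKey"]
    if "organization" in out:
        orgs = out.pop("organization")
        # A bare string is one organization, not a list of characters.
        out.setdefault("subject", {})["organizations"] = [orgs] if isinstance(orgs, str) else list(orgs)
    return out


if __name__ == "__main__":
    print("rejected by v1:", legacy_fields(LEGACY_SPEC))
    print(migrate_spec(LEGACY_SPEC))
```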
