Skip to content

Commit

Permalink
[PLAT-13422] Generate and save ca certificates along with self signed…
Browse files Browse the repository at this point in the history 
… certificates to allow YBA clients to validate YBA certs

Summary: [PLAT-13422] Generate and save ca certificates along with self signed certificates to allow YBA clients to validate YBA certs

Test Plan:
Upgrade tests

```
[centos@dev-server-anijhawan-4 yugaware]$ kubectl get secrets -n test-anijhawan-helm-2 yw1-yugaware-tls-pem  -o yaml
apiVersion: v1
data:
  server.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeXlVVGUrcHVIaW5tSWhUeG5QWWF3OHFkOHRCUCt6RzVEM3RrekdZVWdDYVRaeUt2CmtMQ2M3bFRqbEc3d1h5TGtCZmRkT1QxTEJxMnBvSUcxWTBUM1MrZ1daQUx6MnJFRW0rcHFXRkJJbVlNSURhZnkKejNvZUFHZERPZ016UlJYS0RpUkVGUlM0WTBDLzZTcVNYL0ExbTBYVDJDellabklCQkNRQVU5UStya1Q0eEhSdApueFhqd2lFZ2p5UnFoT0tkZDB2eGw3eGhQYUpLbWQ0SG5Db1M4ZS9SNVdJb0JkMHdlZXVaeWc1cFk1S04zNUw4CjRFSjBkUkxmaDBkeXFtU3BuNWRrcXpwZzR4bGpuZHd2TmFpeDlBcU9iNHdUaUl6UEVmQ2ZNM1ZOMnVZQlNSNWQKak9GbElOeS9DZzVsa0t1TEdMUHZXVFBZYUNEOXFTRWxMeG1HbVFJREFRQUJBb0lCQVFDQUVTdXJYeXQwMEsxSQpwek42NUp3Uyt0V0FrbHNaM1VyeHU3VGNOeTZOYThSWnJNQkowMDNiNHFCbW4xbmlZRGlvbWoybkxFRDBRTjlEClZRSnBScjB3bVd3a09NaExBbllKWlVzTnllODYrQ1JIbDYyM3B5RHEyQzdGaitidWtzSURFRkhyaUZpR0dmZmkKb3ZnTWkzOEFHSkZwSXp4NXVUMXl3cytDQ2JoS1hBbEQxR012S09rNHdLd01IL2EyVDA4QTZmT0dGUGN0ODBTMAp2S3BhQUdsN3JEWFJvVFBuNzJ1OWIzZXltSnJlUmhLbWpyNmY0UTVTbFo1RWlXTitUNXd3clc4S25la3J0Tk0yCnpRa2V0WXRQcGZpWXVrdnFCbU1VR1dSc2F6eERmeHd5bnJHc0szK1BaNFc1YmsxbzJpWkxoNU9lQmQzVGZ0TG4KUmFuQldFNFJBb0dCQU8xdFZVVWxjb2xON1RLeUhDcll4eWNDMGNOYWxmRlEwVEtuZ1E4U3JTellFZmV2WmdWdApSOVlsZE1oQWFNQXJwcUtXdGJwMDU4Z2N2TGRZc05jejU1NS9iUFhpVzlKSDRJMG5jWFc0b1doWnFvZ1p3SUZPCmVnb29IM2RqT0FQTEZ2TzE4YWo0eWdYVnJIMUppL2lxb1Y1R0Z4LzNJc3BVeEM0c0JpdmxYREpiQW9HQkFOc0oKTnFqMkZMYzJXb09JVjkwd1pSYnZEbEM5SW4wWHAzYTVFOVpSVzhQWkpNQjVHNDF2Y2Zaa3AwUHVPSm1KYUU2awpZcGZjUC8zS0dTSE1pdWlrMTFmT3NGSWlJell3ajhPVU96QXU4TVZGVG5OeDZHUkdOQmo5OXNaNUg2cmcwalBiCk92Um41S1BPR3p1R2NHT3ZHRlVXVmxQNGYvZUp1czIzUzhzRmVGVWJBb0dBUG5JMExEU1dOR0RIa3o3ZlE3R3kKWjZOSk1uMWYxSkZ5QkVXa0h5ZkZYbmNSK3JncU9DRXU5TGJ6U1R3UGtRT3FGemRXWXMwZXJUWkp1RnRlWDZ1cQpMcmpMR3J6SGM3NHQ1RkpNZUM3d1hQYkFjSDE5Y1VVSHVpWWxhSXd6RG1SYkRBeDltL2liZ2Y5YUY3WEJWOHpoCkZsK084M3hYclNtd1U0aUdzd0xuUmVNQ2dZQlpDRHEyblNnNGZKaDRKS0NLWVJTR0tPK3BzK2RqNzR4N2ZxbG8Ka1RONnZUWHFJcEFuZ21oUlhnSjdZMGFRYWtFQ3ptRGhGMzdQV3lteUNtRmdSVGpmRVQyc2RRSFpFZzR0MG4vbwppdndGUTdHcXpWOUgreDFNRjFjS3Y4czJleUlXUUFPTHV2czk5aFl0c096WUtDRDgzUktFR1Z0eXRBSkJna01GCnFCaU1od0tCZ0RjQzQyVkNtU1VIWGxjcjN5Ti9lek5EaWNrckdubnpZZy9UZmpDQUlmRmN0OUQ2emdqTjBKRE4KSDkrakRNUjFkV0hCbDZ3cFRqUWdnUTdmcUdDT1RKV0lqdFF5TTZzK1hDQjZMa3F5a1lBOW80QzVXUDZBam9wNwpUcmFhWklvYkNSazA1cXRiVmg5VFk1MTgyYTVsWURGSW51bTBvSUZ4QUdUUVdkNzBuY0hWCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJQzhqQ0NBZHFnQXdJQkFnSVJBSm9pNXR4cWFPMThjYUEvWGFuTWpBa3dEUVlKS29aSWh2Y05BUUVMQlFBdwpGREVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTUI0WERUSTBNRFl5TkRJeU16a3dOMW9YRFRNME1EWXlNakl5Ck16a3dOMW93RkRFU01CQUdBMVVFQXhNSmJHOWpZV3hvYjNOME1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0MKQVE4QU1JSUJDZ0tDQVFFQXl5VVRlK3B1SGlubUloVHhuUFlhdzhxZDh0QlArekc1RDN0a3pHWVVnQ2FUWnlLdgprTENjN2xUamxHN3dYeUxrQmZkZE9UMUxCcTJwb0lHMVkwVDNTK2dXWkFMejJyRUVtK3BxV0ZCSW1ZTUlEYWZ5Cnozb2VBR2RET2dNelJSWEtEaVJFRlJTNFkwQy82U3FTWC9BMW0wWFQyQ3pZWm5JQkJDUUFVOVErcmtUNHhIUnQKbnhYandpRWdqeVJxaE9LZGQwdnhsN3hoUGFKS21kNEhuQ29TOGUvUjVXSW9CZDB3ZWV1WnlnNXBZNUtOMzVMOAo0RUowZFJMZmgwZHlxbVNwbjVka3F6cGc0eGxqbmR3dk5haXg5QXFPYjR3VGlJelBFZkNmTTNWTjJ1WUJTUjVkCmpPRmxJTnkvQ2c1bGtLdUxHTFB2V1RQWWFDRDlxU0VsTHhtR21RSURBUUFCb3o4d1BUQU9CZ05WSFE4QkFmOEUKQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQwpNQUF3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUtjVjd2M3VYYVkzNGNqSGoyVEhkckI0ZGRGZTJMWU02cTM3CmtWRWVOQWdtaWJ1UU9zcFBtemViZCtxaWRpcENtKzMzV0xvcTZOU3R1bWtKOEJjUkNxNk4zN2toWTlvWWVxTzgKMlVnb0pBaldMcEFRQ1JSbHMvK0JES0RsUzZIWTdCb3BId3ZvODJYZUlTL28yNjVBRUZleXFoVXNXZGlnbFJWbQpXSVhURnNaaFNDa1RYZGZCdENTcXN2cmQ1R2czbkdhT05nQkVMY0dkMkN2ektIS05wUnFhNmhwWWtsQVJQREZhClk2Sk9TNXJ6cGZ6LzZ2VlFuSWJvQjFXVXlTeE8xanYwZnVpdXhORjdCa1VIdVVBajlTdHJPdmtEODRiaFRobE8KV2hjWU15RVZSaWhPSEdpTnFMVWRtS2VuNzhIMUpmVHJHdG16cmNtaEhlQTQ1T2FiY21NPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
  annotations:
    meta.helm.sh/release-name: yw1
    meta.helm.sh/release-namespace: test-anijhawan-helm-2
  creationTimestamp: "2024-06-24T22:21:03Z"
  labels:
    app: yugaware
    app.kubernetes.io/managed-by: Helm
    chart: yugaware
    heritage: Helm
    release: yw1
  name: yw1-yugaware-tls-pem
  namespace: test-anijhawan-helm-2
  resourceVersion: "208270922"
  uid: e1f4a484-4e25-4a3d-8960-3faeb5597196
type: Opaque
[centos@dev-server-anijhawan-4 yugaware]$ cat ~/cmd
helm upgrade yw1 ~/code/charts/stable/yugaware --namespace test-anijhawan-helm-2 --wait --debug --timeout 3600s --set=yugaware.multiTenant=true,yugaware.resources.requests.cpu=5,nginx.resources.requests.cpu=0.25,postgres.resources.requests.cpu=0.5,prometheus.resources.requests.cpu=0.5,yugaware.resources.requests.memory=8Gi,nginx.resources.requests.memory=300Mi,postgres.resources.requests.memory=1Gi,prometheus.resources.requests.memory=4Gi,image.repository=quay.io/yugabyte/yugaware-itest,image.tag=2.21.0.0-b545,yugaware.storageClass=yb-standard,image.pullPolicy=Always,yugaware.service.annotations.networking\\.gke\\.io\\/load-balancer-type=Internal,additionalAppConf.nonStringConf.yb\\.internal\\.headers\\.subtask-abort-position\\.enabled=true,securityContext.enabled=true,securityContext.runAsUser=10002,securityContext.runAsGroup=10002,securityContext.fsGroup=10002 --set=helm.timeout=3600  --set=tls.enabled=true

[centos@dev-server-anijhawan-4 yugaware]$ helm upgrade yw1 ~/code/charts/stable/yugaware --reuse-values  -n test-anijhawan-helm-2
Release "yw1" has been upgraded. Happy Helming!
NAME: yw1
LAST DEPLOYED: Mon Jun 24 22:51:29 2024
NAMESPACE: test-anijhawan-helm-2
STATUS: deployed
REVISION: 4

[centos@dev-server-anijhawan-4 yugaware]$ kubectl get secrets -n test-anijhawan-helm-2 yw1-yugaware-tls-pem  -o yaml
apiVersion: v1
data:
  ca.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU9SWGhrbnR1K3Q3RXNXclIyeUErdDR3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmJHOWpZV3hvYjNOME1CNFhEVEkwTURZeU5ESXlOVEV5T0ZvWERUTTBNRFl5TWpJeQpOVEV5T0Zvd0ZERVNNQkFHQTFVRUF4TUpiRzlqWVd4b2IzTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF2ZXFOREVCNXpIbTdBd05GNVhtY0xaOVd2NXBZOUMzeXMyS2J5S0pncEJ6ZWhwcEIKK3BVVjQrd21NRFppRUxrb2p4WHZ3Sy9lNitIQWNNc2JNRE5RczNHeklCbytUQjFycUZXOVBFOG95UUUrd05JZQp6MHhWdzl4OWFkS01adFQ5U3dJZzJCbnFPUWxBekViU1dHbVErR0hueW1PbDhONlJsK3VSMDJNRStKR05FREhVCjB6Sy82YWg2RmR5YWZ3V2U1akNzU2JtSStIV0FGNVRDQzB0RGNxeHg2TVhPam5qb1pndEZhV1I1bkllTkowM24KOE5oam5xN0x6Zjgyc1JKKzUyaS82RHJ3UUpKQ3l6V1pEaDdWeGs1YmxjaGt6S09RN3pjMHJVWVlHZDJqOVRSOApIclNKM2VGaHVtMW45cExwcDdva2NybXRDT1BiWXB3K2lBa3R3UUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGQUxSWnhOUWNiYkdhZnRQc1VqWXU4bEx5ZHBtTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQUlnS2k5R1UzMTczbDlvWGdVSGM1SGVzRDdXUzJnRnR2MWVjTEt0Sy9wcCthSzZkOVNaeW5PCjJuMHNHU1hQWjBFU1dIeVNKQlE3elZOOWlnV051TnBzcmdhWFhOczE1VkY4bFVHS3NoR2NkRmdxTHFZU25nQXQKRE5wcHRVL3FVUVEvVEpQdHlVcHl1U1RvYis4RlRIeXBEekJxbGhCbkREZHhEZ2pBcURHaXp3TWhuSXZlZ3l5RQpWcG1tVUF0RXdwL3RyUWVOT1Roazh6YnV1VE9sN3JvZE5OMFdLakdVN2ppTEwybEwrNFhmZkg3OHBwMS91NURtCmhHQ211cFROcEd2Mkhzejg2QUwvMzhyN04xS1U3SlJkd2VBemMycmFtM1hqLzZZNnJURGwrNXF0ZTRIL1o1RmoKeWF6alZUZ3ozSHNuTzhiY2p2b2tSMVRxNWp4MThpZW8KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  server.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBMFhGVVJXZThLL1JpeUJoVTFyazFyU2YxS1I3MGNhMDRuUXphSk43akR2L0taR0hXCk45dU1Nbm9CUHJmQXlWcUpmTmJTRkFHaEY4NFpNcVIyYktYb0lweUJteHpwRlF3ZXZoelFLWDNVc09YRkNOTTcKcUNMOFhNaXQxWXVBUDVRZUhNcEFOekVld2F3bWpnYmV1YkEvRnYrN1RCTU1iL243Y1JYbmlSeWIycytrem52TQorc1RJQVBmMVYrZTZyMWt1S2lqeUtRNnlwTnZ5Z1EzZ0FMMVY3dWI5dG5XVmlSUE8xZkRjMGFZb2l2Q2s5Y1dyCkdXeU4vUTlhVWFTMDhncG0yTUZsSDlXd3VRMnNMZ3dSSkdBRFJUUGN1QUFzT1N3aFFZUlpYTVlXMHZWa0tGamkKbjZ5bytjY3M2NkdhKy9hbEtYa2hxN3JIajN3Rlg2K0c4VWVKWXdJREFRQUJBb0lCQURta2ZESUI0OXNoRHBMTgpoNFAxUTEyZHNxNlhrMlU1N0d2azNxRHBLd3Ewd1lveEZ4a1dkcFpwMTYvZ09OSHg5Z2NDeEp5MitoUW9KKzAxCk1GYWtycWZmOVJld3RFR1RyVjViWmJzVm81VHdGL05lMTN0bDdaakhybmdvUmFxNTVETytRa0F1WjYyYjZKeU0KTFg1amtHbVBCb2hnY2JyYnpTVUpoMGpJTStqYlgxdkp2MERFWlY2cVhmOHRVVHhpdFkvQmI2QW5qalpHS3VWSgowT0V5cGw0TW4zV1hKMHQxRjJ3TWtXaHFhS2hGc29tYUV0YjhJUDRlT0pBZFlIL0Ruc0lXTFVDSkQ2ZEdZTUtWCk5MOGlFZjNXeGhISmhkTjdzNUtPOWFraWlQejU2Sk5RYURRZFdjSjRqell2ZnBNdXBzc1JndCt5SWJwRHd5V2sKM2VPYVJDRUNnWUVBOTdubUFyellCalljQXZSTjVqRzFKOFZTK3YzdG5UcGREMW1aak55ZVFjVzd3YmxKUmw0OAo3N1N4eDkxKzRMeXBpbWZTdCtLcDd4a3kvazZGUHRwZHhwTXJaRXJ1azMybTN4d2RrT1VTdlBGYnpNY1ZZOEZiCnBtMHJFVGJDbFNmTVBCZExtNTZtUGpzcWl3UmtkQ0c3WUdRNmkxUTZzVFFFZmkrdU85SmcrM01DZ1lFQTJIQVoKc3htVTErUGUvU3NGNERmczNVeGxPWWJiT0dQY3MzSGZaUTF5bFNiSTJ1Zk55UUdJTnljMUo0aGNIc09WMlhYLwpKbG5DdjZ3cUN1RkYrUGJ0NUhrOFFYd3RkMmp1c3ZEeWpqVmE2WmRuL3NtMUgrbExaQXZEMnJSZC8raVRWMC9tCklDWjFYYVdkQlNpc1NXY21yTVJVOFRCRlN6RS85Tm4zY3prOW5sRUNnWUVBZ0pBOXl0WHUxdXBtQnpKNjZ5aUkKOTZiMHRjWHE5MW8reWFTYWgveEhOYU5GR2ZqckNsWUdFZkVaQXJ6MUIvVmhsNjdpTVFTMVpKMFRWZCt5VHpoTQp5cTIrSzBLb0ptdGptdzZnV1g1SkJ6M0xncThmYnJIK3VwU1ZjVTJXRm9xYzkrS3ZIb2hyaG9oMlA4ZDd5cmxtCjRWT2kvb1FzSWFMNVlmT2szTzhGM2ZrQ2dZQTBoRTdZRkZiM1k0VlI3TVNLT1VleUVyMWxEZ0hYVnZQUVhzc1QKM0FWM2gyZXBKaUhhcWhLQlAzUTRXVy93endobk1haHRoODRuY0FEcmp1bkpsVEQ0QlNySHdQZlBSNWpUdG45RQpYbEhtNkNRRndLL0FSSDFVa3o0OHJSTTU2eGNGVW8vR01VNjlJRmhQVGlVdjBtV2graW1hTkZvNytvRklTak11CnRDN3RZUUtCZ0NRb1RaSmVEQ3ZDYXVpdEJYUTc1dTBUcDFKNzBhRUNhdCtXQkwwcDc4U0liSjdSNmZsL2JYNlMKUXVXYURvMFZ1T1dZRndzUWk5NXRqZ0N2N1ErTlNJdUdDU1ZXZDM5NlY0TFhrL093eG1uZXp0M2tCbnlFWFo3Nwo5c09YK1ZJNG5YNUdXdkRSWFcrZFBaamxiTlkraVRxcThWMXFZWGtab1BRODJzakdsdG5HCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJQzhUQ0NBZG1nQXdJQkFnSVFIcS9vT3kvT2FKSmFmRUlnNGhTalNEQU5CZ2txaGtpRzl3MEJBUXNGQURBVQpNUkl3RUFZRFZRUURFd2xzYjJOaGJHaHZjM1F3SGhjTk1qUXdOakkwTWpJMU1USTVXaGNOTXpRd05qSXlNakkxCk1USTVXakFVTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2YzNRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFEUmNWUkZaN3dyOUdMSUdGVFd1VFd0Si9VcEh2UnhyVGlkRE5vazN1TU8vOHBrWWRZMwoyNHd5ZWdFK3Q4REpXb2w4MXRJVUFhRVh6aGt5cEhac3BlZ2luSUdiSE9rVkRCNitITkFwZmRTdzVjVUkwenVvCkl2eGN5SzNWaTRBL2xCNGN5a0EzTVI3QnJDYU9CdDY1c0Q4Vy83dE1Fd3h2K2Z0eEZlZUpISnZhejZUT2U4ejYKeE1nQTkvVlg1N3F2V1M0cUtQSXBEcktrMi9LQkRlQUF2Vlh1NXYyMmRaV0pFODdWOE56UnBpaUs4S1QxeGFzWgpiSTM5RDFwUnBMVHlDbWJZd1dVZjFiQzVEYXd1REJFa1lBTkZNOXk0QUN3NUxDRkJoRmxjeGhiUzlXUW9XT0tmCnJLajV4eXpyb1pyNzlxVXBlU0dydXNlUGZBVmZyNGJ4UjRsakFnTUJBQUdqUHpBOU1BNEdBMVVkRHdFQi93UUUKQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJdwpBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBcmx3M2FEVXg5MXl4Smw5VVExaDFwUm9mQ0RjV2hzNnhIWkw3ClpXaGlDbWx4Y2lqbmo4MEpZUDlDczRGalIwQkdEUWcwaHBIRG9qT2hXNkF6TmgrNjZzQWVrRHNrTDJzSHVGR2kKVTVwQUMxYnRPWmdlb3drUVNydDZLV240RXpYVUFJL1E3bkwyaTUrakhBTnV3dXRaaDdyc3JQdHowYkQ0QjFHUApudE9sSHFhR2NUeFdBNzVjZHVmOVo4ZG5ueVBaRVpoVW5wUWo4eWl6ZC9qeTVnM2N5Rk9aamU4MmJtSzJmR3lzCnZXNHQ1ZllCNHJMM3VXVWYyUkNPeWFnZk91TCt1L0tLR0swZzRzZ3BNelR5cEh0V1RTeE1BSyt1Q2hESjVNSXAKSCt3dHdoK3loQnQvbU9qYTJXK1B5b1M1QkNjRGZJQUhNTHp0dW85VGFaL3pnN1ljaFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
  annotations:
    meta.helm.sh/release-name: yw1
    meta.helm.sh/release-namespace: test-anijhawan-helm-2
  creationTimestamp: "2024-06-24T22:21:03Z"
  labels:
    app: yugaware
    app.kubernetes.io/managed-by: Helm
    chart: yugaware
    heritage: Helm
    release: yw1
  name: yw1-yugaware-tls-pem
  namespace: test-anijhawan-helm-2
  resourceVersion: "208271815"
  uid: e1f4a484-4e25-4a3d-8960-3faeb5597196
type: Opaque

```

====

Generated some more

```
populated all values.

stable/yugaware/values.yaml --- YAML
270       memory: 4Gi                                                                                                 270       memory: 4Gi
271                                                                                                                   271
272 tls:                                                                                                              272 tls:
273   enabled: false                                                                                                  273   enabled: true
274   hostname: "localhost"                                                                                           274   hostname: "localhost"
275   ## Expects base 64 encoded values for certificate and key.                                                      275   ## Expects base 64 encoded values for certificate and key.
276   certificate: ""                                                                                                 276   certificate: "foobar"
277   key: ""                                                                                                         277   key: "foobar"
278   ca_certificate: ""                                                                                              278   ca_certificate: "foobar"
279   ca_key: ""                                                                                                      279   ca_key: "foobar"
280   sslProtocols: "" # if set, override default Nginx SSL protocols setting                                         280   sslProtocols: "" # if set, override default Nginx SSL protocols setting
281   ## cert-manager values                                                                                          281   ## cert-manager values
282   ## If cert-manager is enabled:                                                                                  282   ## If cert-manager is enabled:

```

```
# Source: yugaware/templates/configs.yaml
apiVersion: v1
kind: Secret
metadata:
  name: release-name-yugaware-tls-pem
  labels:
    app: "yugaware"
    chart: "yugaware"
    release: "release-name"
    heritage: "Helm"
type: Opaque
data:
  ca.pem: aWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQKaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQ=
  server.pem: aWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQKaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQ=
---
```

```
tls.enabled, ca_certificate empty.
[centos@dev-server-anijhawan-4 yugaware]$ git diff
stable/yugaware/values.yaml --- YAML
270       memory: 4Gi                                                                                                 270       memory: 4Gi
271                                                                                                                   271
272 tls:                                                                                                              272 tls:
273   enabled: false                                                                                                  273   enabled: true
274   hostname: "localhost"                                                                                           274   hostname: "localhost"
275   ## Expects base 64 encoded values for certificate and key.                                                      275   ## Expects base 64 encoded values for certificate and key.
276   certificate: ""                                                                                                 276   certificate: "foobar"
277   key: ""                                                                                                         277   key: "foobar"
278   ca_certificate: ""                                                                                              278   ca_certificate: ""
279   ca_key: ""                                                                                                      279   ca_key: ""
280   sslProtocols: "" # if set, override default Nginx SSL protocols setting                                         280   sslProtocols: "" # if set, override default Nginx SSL protocols setting

```

```
type: Opaque
data:

  server.pem: aWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQKaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQ=

```

Generated helm template and checked that ca.pem was generated along with server.pem.
```
# Source: yugaware/templates/configs.yaml
apiVersion: v1
kind: Secret
metadata:
 name: release-name-yugaware-tls-pem
 labels:
  app: "yugaware"
  chart: "yugaware"
  release: "release-name"
  heritage: "Helm"
type: Opaque
data:
 server.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdG1ldGxETWppZkNQdmJ1bmkrZWlIRFVxQ0I4Nm8weSszZjg2R3Z1WnNPVTdlUkdzCmFyd1c1ZUhMRi9xWVN6czJubjlmWmdNWEZUY3oxMjRwdkNiWFQzV3BQK3J1MWdFVVR5aWhzZjE5MlJETFZwVUUKWXMvQ3g5aFRsRjJQL0Zvai9BMzlaWElpQ0l2VlJ2dlcvd3BDWG5oOHpXQ3ZLcnFsbEN1cWtmZlliKzJGVzdOegpCM09GWDFVM1l0dFU5T0R1Rm1wcTNyTzBrOGhycUpQSzVHa0hibWpiMmkvZGtEckxhcXpwK1Nkb2ZUMHhlWHEwCnczSng4WlJ5QkUvNm5pWmhVN1JZM0Z6RS9IV0FtVjhUZHdNWFRzLzRpUkpXM0lzYzJSRDF0Uk9oVCt4dzQ5NDMKdU5teDFVeUkvZTVpekxhRWk2eXJkQW9rQkZGQUEvbUdmaUNhdHdJREFRQUJBb0lCQUE4VHFNUk1LYzdZQkhtUgpUanNCTFdRWmZOem8vK2JKakNrN1ZHa3dqTGFUYkFRSTB2Q0xsWFR3NGVHY2hBUUw0K3JiNmwyN09hZzJST0cwCnFGeDE5V3dLOUs5azB0TDdpZHMxSjVCWHZKUTVrQ1VhOGg3Y3YyUFhYS2t4eHBuOE5XYzdITXZLMEVkV2o0MXIKZVl6aEl6VTl6a3NIaDlNSFZISlgzYVJ0RVFYSFAyY1pQN3dFYVRIT2xHVUtSR3pYYzBRQ3BQVy9BSk4xTDNTVgpaRmZqS0wzbnBQTGRqR1JCbzcwcHJTYkJwdUliU1BObzdzR2tvWVR2MEFOakh1eG1jY1gwamhraGRma3dQeFpoCm81M2JUZDJhempVT2FQRHRFWFJBRzZEUk9ZWUdGWVVzSnZsOGRKeUVHR25EWVB0czJKK21BQUFMaDNLcnV0MEwKTERtMThaRUNnWUVBeW5KajNMQ1JRbXZGWG0wWk1ZWFJzbFNBTUdtM2QxaE16aStOZHR2N3d3WUpVaFZMTTQwSwp4NVNxcThiczV4ZE5EN1Rrd2YxUHBsUmF6VkI4RXh5WXV4S2pDYVI2OGR6bEdLVmpvSG5pTkh3VzdTU0lPU3pVCkQrZ2lhbFVPaUQ1aUd0SEZycEMzT2U5VFIrYVp6a1k2dloyVUY2cERZSXgzN0VjS2JBNXYwTzhDZ1lFQTVxZ1EKTEkvZThZTzJIaEh3d3J6T1M0VWxCUDB2dkdJeTczbzJvVW1ldDU4SWZxT2xtK1F2TmprWEtlYmNQZFJydGVRUQp4QUlLbzNiNkxXbUg1ZFBRTG05RllzeFhvck1rZEU0ZUN1YmZsblVlZUd6SDFmcXFzcldZZmdFaHJGeW5JMlcyCk94cEVmVzNQRGo5ZVI3MURyY1BkVk9LRDBuQ1FEUXpBaW5IYlFya0NnWUVBdlZmVmZJQUxxL0srQ3YzQTFXZVMKWTliU2VmVTJLY0lGTzhhUDZiMy9yenlERlNsalIxaS8zMEIxaSttbWd0QnhPNkoxWGRZOFc1V0R3NGxtTWozSgp2eFhFTk8ySUs1UHRGV3NDVGdJUkJnT1ZNY0M4UTdWZ3RXdm9YRWtuS1ZnblMyd3RGb0sxUzlOQnNmckVtWDluCnl4YUpmc1M0OWFFTFBJcUkvZDFXeVRNQ2dZRUEzY3hHb1ZOSG94NXdoY0hpcnFBNEQ4N2Nwa3VCRjdtbUdUcUEKUmVBeFM0a1Y5aEVQTXpUZFlWck10M0pUM3ZEaEVtdFk0K0xDc0NXOHRPYUIwN00yd1RBbW5MYTZucTE5SklucAp3Ym40endtWVgxemJYUnhLQU1jMitCUEdlYVF1NUk3dUNTOWRKTy91NTFod0pMUU8zSTAzekdSMU5tc2ZXaTBsCkNQd3JSNkVDZ1lFQWtoYWN6V1RlN0xvNTB4Qzc2L0FyZ0pETCtnU096NGJxZUJmWlptajdJazdUNTljYWZic2gKVHpNdk5pS1B4WmVMRVhWd1hsekE3dG0zNWZGQVk5eitEMXhnYUR0V0NSbWpuL1hCRkMyZDVmek1BTXc4YzYwWgpsd3JnOWFrRnZZOHhxMU41NzU2Wkw5VmQ1eE01VUVlblJWN0wzNzluYzNuREY0T1Zab1ZTVEYwPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQoKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4VENDQWRtZ0F3SUJBZ0lRSGZYQkM3Y0hwc01vR0M1UmJ3Nko0ekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2YzNRd0hoY05NalF3TmpJeE1qSTFNVE0yV2hjTk1qVXdOakl4TWpJMQpNVE0yV2pBVU1SSXdFQVlEVlFRREV3bHNiMk5oYkdodmMzUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJaNjJVTXlPSjhJKzl1NmVMNTZJY05Tb0lIenFqVEw3ZC96b2ErNW13NVR0NUVheHEKdkJibDRjc1grcGhMT3phZWYxOW1BeGNWTnpQWGJpbThKdGRQZGFrLzZ1N1dBUlJQS0tHeC9YM1pFTXRXbFFSaQp6OExIMkZPVVhZLzhXaVA4RGYxbGNpSUlpOVZHKzliL0NrSmVlSHpOWUs4cXVxV1VLNnFSOTlodjdZVmJzM01ICmM0VmZWVGRpMjFUMDRPNFdhbXJlczdTVHlHdW9rOHJrYVFkdWFOdmFMOTJRT3N0cXJPbjVKMmg5UFRGNWVyVEQKY25IeGxISUVUL3FlSm1GVHRGamNYTVQ4ZFlDWlh4TjNBeGRPei9pSkVsYmNpeHpaRVBXMUU2RlA3SERqM2plNAoyYkhWVElqOTdtTE10b1NMckt0MENpUUVVVUFEK1laK0lKcTNBZ01CQUFHalB6QTlNQTRHQTFVZER3RUIvd1FFCkF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXcKQURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWxoT3JrWUVIblF0dXk1OTJueHhOVlpJdlhFaHg4UDFPakZSRQpXZDQ5YWpVUTlOMk84MlMrblZWMHBoWVFXTExCeTZQYi9jcTlPRXVta1dKR3Q2eElQNGc1Y013UklmWUFlM2Z0CllUdDNqRFcvN0JPNExLYXlJR2RpaXBoWmQ3MjNxNThVSTVxMHZXNDQ4blhSckJHMFRJeXNVK0FZb0I2dm8ycEYKd3NkcjZUS2JUcG9Kdm41cjFORzZUcmxieDNaRXJaK1NOakZibER1Y01VMTQ0TjVna25waFNPb1YzK3VCdnpoVQpXZW9wdUFNQ1ZsQm9KdDVGRE9tQmJTV1JYUlFJRG5ZQUVsMDdDQnpyUXVhVSs0K2xDdnZNYnNUNkNIR0Q5NnJVCjg3dERuczFHZW5CNDFwaWZxQkNWaC9tN0x3RlVZdG9ZTFMrdlYweDIraXFqaFF4Ykh3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
 ca.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeE1OdEpoa1J2OFlEdHdpWDJ6Zk9jK1JuVVZWUUVHYU5sdU1BUlBVNS9BcDduTlNKClE4TDNGYWRqZmJ0Qlc1d1VDNHZWRzZLRDZ2N2pvNWZ1am1tRmtmMlZKQkIyZVNMb2RlUnhNRE4xcHFnQUpPc28KazNNWE9BazY4VEVIRjRUeGNFYXkreVFUcVhHUkEzRlBSalcvZnVlQUMyWXJWQVVWdndveXg1WUlpWnZVUHUxdQpSa2N0T3RVQ2RyWmRybTdnRFVZdU1rVFEvcGNoYThuanp0Vnl5SHk5QWtjK3dYTmx1RU85bjRpazRMTCtyZmdoCjlxTk82V0I2RGJsZXliTGsxRmViakVGaktjZm5PeWZhNFdNOHVhMG9mVHFlNncvNDZQNllTMkk1dWc5dnlFUTgKUjBwd3dHTEZkeHVOcm1uMzJOa2NEU0dPNXpZd2RIWmJVK0RJNlFJREFRQUJBb0lCQUFPenJZMEc4YmVLOFN6egpZM0FEWjhYMGFTRTFtckVFVE91bXo2MThjNS9UVHFvUHNabHR4SnBLc090L3AyWWkxSm0zQXNablUxWUxmNXJuClU5eW9EWlJHa2hUQW5vbis1eUs0cm94Nm0xOE1VQnhodER5NThKamtTNUNZSElzTHZFTWhnV0tLTmpoODQzNk8KRmpDNitDUmFGS1dpUVhSdU9BK0ZFSm1Dc0J4dW9xZ2U5RTRvcTZNTFhZMmt4eE43d0VQc28wcmUzZWtwc1lPeApiTHd6VlR5TEViSk5wcXBJM08zQ2c4SjRuaHZoZTJSUjZXWG9ZYW4xbFpFWHo0M1NYUzBhTUJJVWpiaEU0ZjM2Ck00Nk1mY3hJZUhXQUIwNVdhazR2THZHUzNFSkhrUUN6SDFHbnVUbittU2xudms3emNEV1BpbzQ1NHVHbFBrbWgKNWJZSCtKRUNnWUVBNVplbThlSi9Rbk5ES2g1aEgyNHdBZzl6Kzc3b051bzE5NTFESkY3ZnhUdW5CYUZEQ0JiTwpYQWV1eGNBeGFpUlZQbWhMUVdZOWxWL1RLemg5WS9QeDg5N3o2bmhCOGhEQmpVVHowY042MVdYQ2k1MmM3QW9rCmpDajZ2Y2RWUkt4L1NkMnNDelROMVV4ak1rYTJSUXBCcG9pNTVMcTRTdjc5dU5sUFpveUhNVzBDZ1lFQTIyVWYKeDRhcXIwQXkxa1JWRi81MitrdXpOMVA2TzgveUp0SGNhRkF0Mm13c3FTN29NTjNSYk0zNDcxemY3dG1FdWtyTgppRnlKaG1RZzBiUHZwY2tiRE9RVXdrRldla1Vmb0pVejdMbG9iM2pSVmhSMWRjTGZQOGRqVlhxL2pHR3YyeDNhCkFTaEhSY05ZMGhrcFZ3ZmVrL1hiZ2JNU2RNdkFEeko0c0VjYXcrMENnWUVBc2ZtOFJWZVIxUDRxdTVTdkwwRW8KWUFDQXBVOFpEYkREUXY2YWxMQWpBTzY4QzZZMW95aWlzVDZYWWQ0WnNERVlEM2VqbHIvZHoxUm9DdUlRZVpJYQpKalRYbWhPODh4dkFIbldzR0JoVHVPYllSNGhYbzdZOUhKV0x3ZCtxbnNDbEw2cHgrb0hsYVlwOGZ2WEh4MzhxCjR5Q3NFYjRZckxJOEZyWUdVZlZ2dTRVQ2dZQXZiUm5Fa1BqZXIzc04xSEdzb1NacER1b3I0S3hzTjVSNkRjMmUKZ3c2V2MrSG5wS3N1dlJTamQ1Y0RiMGs5SWFwT2R4TWRFaHZzZ0VLVDhsaXd0dHR4R3ZEZDJTL3ZlSGZReDlBVQpzVFBCUFJYTGpOcWpYVC9UVXEvSGI2UnVuVU5kazRObjBxUXRrWC9tMHVlYjE2aW14WFB4QXB2UHdhZS80VUl6Cm9QdEpOUUtCZ0ZidVhBcEZ0NlhXMTkxdWUyN3VITmcxSjV4aTkvZUdlVGpQYTBlZ0xlL0o3aGgzREVBTjFRNk0KcjVhN1N1NWM3YnAxdXdYMDZFNFdGR3N0VDFSNStpZWdDRmN2SXRCVVQvSG52UUhwcFBnVTFHRW5idWpLR1NaaQp3SndwTGNZN0dqSk1VVXNMM1k4TDZ0YmUwTXVGclNYRjVBcEFjZjlLQWNROW9ta3l2T21MCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJREV6Q0NBZnVnQXdJQkFnSVFQbGY5WHJ5bGN3d2g5NWFXT2hHZy9EQU5CZ2txaGtpRzl3MEJBUXNGQURBVQpNUkl3RUFZRFZRUURFd2xzYjJOaGJHaHZjM1F3SGhjTk1qUXdOakl4TWpJMU1UTTJXaGNOTXpRd05qRTVNakkxCk1UTTJXakFVTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2YzNRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFERXcyMG1HUkcveGdPM0NKZmJOODV6NUdkUlZWQVFabzJXNHdCRTlUbjhDbnVjMUlsRAp3dmNWcDJOOXUwRmJuQlFMaTlVYm9vUHEvdU9qbCs2T2FZV1IvWlVrRUhaNUl1aDE1SEV3TTNXbXFBQWs2eWlUCmN4YzRDVHJ4TVFjWGhQRndSckw3SkJPcGNaRURjVTlHTmI5KzU0QUxaaXRVQlJXL0NqTEhsZ2lKbTlRKzdXNUcKUnkwNjFRSjJ0bDJ1YnVBTlJpNHlSTkQrbHlGcnllUE8xWExJZkwwQ1J6N0JjMlc0UTcyZmlLVGdzdjZ0K0NIMgpvMDdwWUhvTnVWN0pzdVRVVjV1TVFXTXB4K2M3SjlyaFl6eTVyU2g5T3A3ckQvam8vcGhMWWptNkQyL0lSRHhIClNuREFZc1YzRzQydWFmZlkyUndOSVk3bk5qQjBkbHRUNE1qcEFnTUJBQUdqWVRCZk1BNEdBMVVkRHdFQi93UUUKQXdJQ3BEQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVdwpBd0VCL3pBZEJnTlZIUTRFRmdRVU1UYWlpbDlhY1BMTXFLMDRjRno3OTU5Y3RQb3dEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0VCQUF1ZU0ySnRUM2tsOGJqS1hNS2hRaGRNY1JHK3hKUjJueU9PT2l3L2RnR1ZodGtNTFBncmJoWDcKNTZRSFhvUHFzbmM2REVXeDNRTjRrS3dEaFRDYjFMOXJiNWlxaTJXQ0FhejkxeGRuOTJqMW1rK0F5ZDRzRzcxWQptblBqQVZkb3BEYnB1d1pXMXJwUlJsUGRqV3U4MkFOV2RwOHhtemtWUlN2azd1WTVDUG9xNGFBdlRJbzgrbTVVCjhYdkpiZDdhOGdiWFMrU2locjAvUlg1ZW95QXRWNWRjSVZiamkxWmVjUVpESE9MZm9VUTdRR3FKWVZZOCthQWUKQ0tIOWdEWS9UeUx1NGVnNHlsdjdxeXNyNVdFMWRMaUMzbG1WaG1VcHhrdjVtTkR6dVNiSFNCc3RLK0Uya2loSgpQRk5pZmdTS1N6YW5PbkZWWVVvQjNaZVA5K0lsZS9FPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
```

Reviewers: sanketh, muthu, bgandhi, dshubin

Reviewed By: muthu, dshubin

Subscribers: dshubin, yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D36069
  • Loading branch information
@amannijhawan
amannijhawan committed Jun 25, 2024
1 parent d0ce1cc commit 50815b5
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 13 deletions.
34 changes: 25 additions & 9 deletions stable/yugaware/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,15 +143,21 @@ Get or generate server cert and key
{{- if and $root.Values.tls.certificate $root.Values.tls.key -}}
server.key: {{ $root.Values.tls.key }}
server.crt: {{ $root.Values.tls.certificate }}
{{- if $root.Values.tls.ca_certificate -}}
ca.crt: {{ $root.Values.tls.ca_certificate }}
{{- end -}}
{{- else -}}
{{- $result := (lookup "v1" "Secret" .Namespace .Name).data -}}
{{- if $result -}}
{{- if and $result (index $result "server.pem") (index $result "ca.pem") -}}
server.key: {{ index $result "server.key" }}
server.crt: {{ index $result "server.crt" }}
ca.crt: {{ index $result "ca.crt" }}
{{- else -}}
{{- $cert := genSelfSignedCert $root.Values.tls.hostname nil nil 3560 -}}
{{- $caCert := genCA $root.Values.tls.hostname 3650 -}}
{{- $cert := genSignedCert $root.Values.tls.hostname nil nil 3650 $caCert -}}
server.key: {{ $cert.Key | b64enc }}
server.crt: {{ $cert.Cert | b64enc }}
ca.crt: {{ $caCert.Cert | b64enc }}
{{- end -}}
{{- end -}}
{{- end -}}
Expand All @@ -166,17 +172,27 @@ Get or generate server key cert in pem format
{{- $decodedCert := $root.Values.tls.certificate | b64dec -}}
{{- $serverPemContentTemp := ( printf "%s\n%s" $decodedKey $decodedCert ) -}}
{{- $serverPemContent := $serverPemContentTemp | b64enc -}}
{{- if $root.Values.tls.ca_certificate -}}
{{- $caPemContent := $root.Values.tls.ca_certificate -}}
ca.pem: {{ $caPemContent }}
{{- end}}
server.pem: {{ $serverPemContent }}
{{- else -}}
{{- $result := (lookup "v1" "Secret" .Namespace .Name).data -}}
{{- if $result -}}
{{- $serverPemContent := ( index $result "server.pem" ) -}}
server.pem: {{ $serverPemContent }}
{{- if and $result (index $result "server.pem") (index $result "ca.pem") -}}
{{- $serverPemContent := ( index $result "server.pem" ) -}}
{{- $caPemContent := ( index $result "ca.pem" ) -}}
ca.pem: {{ $caPemContent }}
server.pem: {{ $serverPemContent }}
{{- else -}}
{{- $cert := genSelfSignedCert $root.Values.tls.hostname nil nil 3560 -}}
{{- $serverPemContentTemp := ( printf "%s\n%s" $cert.Key $cert.Cert ) -}}
{{- $serverPemContent := $serverPemContentTemp | b64enc -}}
{{- $caCert := genCA $root.Values.tls.hostname 3650 -}}
{{- $cert := genSignedCert $root.Values.tls.hostname nil nil 3650 $caCert -}}
{{- $serverPemContentTemp := ( printf "%s\n%s" $cert.Key $cert.Cert ) -}}
{{- $serverPemContent := $serverPemContentTemp | b64enc -}}
{{- $caPemContentTemp := ( printf "%s" $caCert.Cert ) -}}
{{- $caPemContent := $caPemContentTemp | b64enc -}}
server.pem: {{ $serverPemContent }}
ca.pem: {{ $caPemContent }}
{{- end -}}
{{- end -}}
{{- end -}}
Expand Down Expand Up @@ -274,4 +290,4 @@ Make list of custom http headers
{{- end -}}
{{- end -}}
]
{{- end -}}
{{- end -}}
3 changes: 0 additions & 3 deletions stable/yugaware/templates/statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,9 +129,6 @@ spec:
- name: {{ .Release.Name }}-yugaware-tls-pem
secret:
secretName: {{ .Release.Name }}-yugaware-tls-pem
items:
- key: server.pem
path: server.pem
{{- end }}
{{- if .Values.prometheus.remoteWrite.tls.enabled }}
- name: {{ .Release.Name }}-yugaware-prometheus-remote-write-tls
Expand Down
7 changes: 6 additions & 1 deletion stable/yugaware/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,9 +272,14 @@ yugabytedb:
tls:
enabled: false
hostname: "localhost"
## Expects base 64 encoded values for certificate and key.
## Expects base64 encoded certificate, key, and CA certificate.
## Populate these for non-self-signed certificates.
## All three values should be base64 encoded.
## These will be used to create server.pem and ca.pem files.
## Note: The validity of the provided certificates is not verified.
certificate: ""
key: ""
ca_certificate: ""
sslProtocols: "" # if set, override default Nginx SSL protocols setting
## cert-manager values
## If cert-manager is enabled:
Expand Down

0 comments on commit 50815b5

Please sign in to comment.