From 50815b544a71f0d4b9af4976e7136f727ef1d537 Mon Sep 17 00:00:00 2001 From: Aman Nijhawan Date: Mon, 24 Jun 2024 23:00:36 +0000 Subject: [PATCH] [PLAT-13422] Generate and save ca certificates along with self signed certificates to allow YBA clients to validate YBA certs Summary: [PLAT-13422] Generate and save ca certificates along with self signed certificates to allow YBA clients to validate YBA certs Test Plan: Upgrade tests ``` [centos@dev-server-anijhawan-4 yugaware]$ kubectl get secrets -n test-anijhawan-helm-2 yw1-yugaware-tls-pem -o yaml apiVersion: v1 data: server.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeXlVVGUrcHVIaW5tSWhUeG5QWWF3OHFkOHRCUCt6RzVEM3RrekdZVWdDYVRaeUt2CmtMQ2M3bFRqbEc3d1h5TGtCZmRkT1QxTEJxMnBvSUcxWTBUM1MrZ1daQUx6MnJFRW0rcHFXRkJJbVlNSURhZnkKejNvZUFHZERPZ016UlJYS0RpUkVGUlM0WTBDLzZTcVNYL0ExbTBYVDJDellabklCQkNRQVU5UStya1Q0eEhSdApueFhqd2lFZ2p5UnFoT0tkZDB2eGw3eGhQYUpLbWQ0SG5Db1M4ZS9SNVdJb0JkMHdlZXVaeWc1cFk1S04zNUw4CjRFSjBkUkxmaDBkeXFtU3BuNWRrcXpwZzR4bGpuZHd2TmFpeDlBcU9iNHdUaUl6UEVmQ2ZNM1ZOMnVZQlNSNWQKak9GbElOeS9DZzVsa0t1TEdMUHZXVFBZYUNEOXFTRWxMeG1HbVFJREFRQUJBb0lCQVFDQUVTdXJYeXQwMEsxSQpwek42NUp3Uyt0V0FrbHNaM1VyeHU3VGNOeTZOYThSWnJNQkowMDNiNHFCbW4xbmlZRGlvbWoybkxFRDBRTjlEClZRSnBScjB3bVd3a09NaExBbllKWlVzTnllODYrQ1JIbDYyM3B5RHEyQzdGaitidWtzSURFRkhyaUZpR0dmZmkKb3ZnTWkzOEFHSkZwSXp4NXVUMXl3cytDQ2JoS1hBbEQxR012S09rNHdLd01IL2EyVDA4QTZmT0dGUGN0ODBTMAp2S3BhQUdsN3JEWFJvVFBuNzJ1OWIzZXltSnJlUmhLbWpyNmY0UTVTbFo1RWlXTitUNXd3clc4S25la3J0Tk0yCnpRa2V0WXRQcGZpWXVrdnFCbU1VR1dSc2F6eERmeHd5bnJHc0szK1BaNFc1YmsxbzJpWkxoNU9lQmQzVGZ0TG4KUmFuQldFNFJBb0dCQU8xdFZVVWxjb2xON1RLeUhDcll4eWNDMGNOYWxmRlEwVEtuZ1E4U3JTellFZmV2WmdWdApSOVlsZE1oQWFNQXJwcUtXdGJwMDU4Z2N2TGRZc05jejU1NS9iUFhpVzlKSDRJMG5jWFc0b1doWnFvZ1p3SUZPCmVnb29IM2RqT0FQTEZ2TzE4YWo0eWdYVnJIMUppL2lxb1Y1R0Z4LzNJc3BVeEM0c0JpdmxYREpiQW9HQkFOc0oKTnFqMkZMYzJXb09JVjkwd1pSYnZEbEM5SW4wWHAzYTVFOVpSVzhQWkpNQjVHNDF2Y2Zaa3AwUHVPSm1KYUU2awpZcGZjUC8zS0dTSE1pdWlrMTFmT3NGSWlJell3ajhPVU96QXU4TVZGVG5OeDZHUkdOQmo5OXNaNUg2cmcwalBiCk92Um41S1BPR3p1R2NHT3ZHRlVXVmxQNGYvZUp1czIzUzhzRmVGVWJBb0dBUG5JMExEU1dOR0RIa3o3ZlE3R3kKWjZOSk1uMWYxSkZ5QkVXa0h5ZkZYbmNSK3JncU9DRXU5TGJ6U1R3UGtRT3FGemRXWXMwZXJUWkp1RnRlWDZ1cQpMcmpMR3J6SGM3NHQ1RkpNZUM3d1hQYkFjSDE5Y1VVSHVpWWxhSXd6RG1SYkRBeDltL2liZ2Y5YUY3WEJWOHpoCkZsK084M3hYclNtd1U0aUdzd0xuUmVNQ2dZQlpDRHEyblNnNGZKaDRKS0NLWVJTR0tPK3BzK2RqNzR4N2ZxbG8Ka1RONnZUWHFJcEFuZ21oUlhnSjdZMGFRYWtFQ3ptRGhGMzdQV3lteUNtRmdSVGpmRVQyc2RRSFpFZzR0MG4vbwppdndGUTdHcXpWOUgreDFNRjFjS3Y4czJleUlXUUFPTHV2czk5aFl0c096WUtDRDgzUktFR1Z0eXRBSkJna01GCnFCaU1od0tCZ0RjQzQyVkNtU1VIWGxjcjN5Ti9lek5EaWNrckdubnpZZy9UZmpDQUlmRmN0OUQ2emdqTjBKRE4KSDkrakRNUjFkV0hCbDZ3cFRqUWdnUTdmcUdDT1RKV0lqdFF5TTZzK1hDQjZMa3F5a1lBOW80QzVXUDZBam9wNwpUcmFhWklvYkNSazA1cXRiVmg5VFk1MTgyYTVsWURGSW51bTBvSUZ4QUdUUVdkNzBuY0hWCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJQzhqQ0NBZHFnQXdJQkFnSVJBSm9pNXR4cWFPMThjYUEvWGFuTWpBa3dEUVlKS29aSWh2Y05BUUVMQlFBdwpGREVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTUI0WERUSTBNRFl5TkRJeU16a3dOMW9YRFRNME1EWXlNakl5Ck16a3dOMW93RkRFU01CQUdBMVVFQXhNSmJHOWpZV3hvYjNOME1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0MKQVE4QU1JSUJDZ0tDQVFFQXl5VVRlK3B1SGlubUloVHhuUFlhdzhxZDh0QlArekc1RDN0a3pHWVVnQ2FUWnlLdgprTENjN2xUamxHN3dYeUxrQmZkZE9UMUxCcTJwb0lHMVkwVDNTK2dXWkFMejJyRUVtK3BxV0ZCSW1ZTUlEYWZ5Cnozb2VBR2RET2dNelJSWEtEaVJFRlJTNFkwQy82U3FTWC9BMW0wWFQyQ3pZWm5JQkJDUUFVOVErcmtUNHhIUnQKbnhYandpRWdqeVJxaE9LZGQwdnhsN3hoUGFKS21kNEhuQ29TOGUvUjVXSW9CZDB3ZWV1WnlnNXBZNUtOMzVMOAo0RUowZFJMZmgwZHlxbVNwbjVka3F6cGc0eGxqbmR3dk5haXg5QXFPYjR3VGlJelBFZkNmTTNWTjJ1WUJTUjVkCmpPRmxJTnkvQ2c1bGtLdUxHTFB2V1RQWWFDRDlxU0VsTHhtR21RSURBUUFCb3o4d1BUQU9CZ05WSFE4QkFmOEUKQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQwpNQUF3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUtjVjd2M3VYYVkzNGNqSGoyVEhkckI0ZGRGZTJMWU02cTM3CmtWRWVOQWdtaWJ1UU9zcFBtemViZCtxaWRpcENtKzMzV0xvcTZOU3R1bWtKOEJjUkNxNk4zN2toWTlvWWVxTzgKMlVnb0pBaldMcEFRQ1JSbHMvK0JES0RsUzZIWTdCb3BId3ZvODJYZUlTL28yNjVBRUZleXFoVXNXZGlnbFJWbQpXSVhURnNaaFNDa1RYZGZCdENTcXN2cmQ1R2czbkdhT05nQkVMY0dkMkN2ektIS05wUnFhNmhwWWtsQVJQREZhClk2Sk9TNXJ6cGZ6LzZ2VlFuSWJvQjFXVXlTeE8xanYwZnVpdXhORjdCa1VIdVVBajlTdHJPdmtEODRiaFRobE8KV2hjWU15RVZSaWhPSEdpTnFMVWRtS2VuNzhIMUpmVHJHdG16cmNtaEhlQTQ1T2FiY21NPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== kind: Secret metadata: annotations: meta.helm.sh/release-name: yw1 meta.helm.sh/release-namespace: test-anijhawan-helm-2 creationTimestamp: "2024-06-24T22:21:03Z" labels: app: yugaware app.kubernetes.io/managed-by: Helm chart: yugaware heritage: Helm release: yw1 name: yw1-yugaware-tls-pem namespace: test-anijhawan-helm-2 resourceVersion: "208270922" uid: e1f4a484-4e25-4a3d-8960-3faeb5597196 type: Opaque [centos@dev-server-anijhawan-4 yugaware]$ cat ~/cmd helm upgrade yw1 ~/code/charts/stable/yugaware --namespace test-anijhawan-helm-2 --wait --debug --timeout 3600s --set=yugaware.multiTenant=true,yugaware.resources.requests.cpu=5,nginx.resources.requests.cpu=0.25,postgres.resources.requests.cpu=0.5,prometheus.resources.requests.cpu=0.5,yugaware.resources.requests.memory=8Gi,nginx.resources.requests.memory=300Mi,postgres.resources.requests.memory=1Gi,prometheus.resources.requests.memory=4Gi,image.repository=quay.io/yugabyte/yugaware-itest,image.tag=2.21.0.0-b545,yugaware.storageClass=yb-standard,image.pullPolicy=Always,yugaware.service.annotations.networking\\.gke\\.io\\/load-balancer-type=Internal,additionalAppConf.nonStringConf.yb\\.internal\\.headers\\.subtask-abort-position\\.enabled=true,securityContext.enabled=true,securityContext.runAsUser=10002,securityContext.runAsGroup=10002,securityContext.fsGroup=10002 --set=helm.timeout=3600 --set=tls.enabled=true [centos@dev-server-anijhawan-4 yugaware]$ helm upgrade yw1 ~/code/charts/stable/yugaware --reuse-values -n test-anijhawan-helm-2 Release "yw1" has been upgraded. Happy Helming! NAME: yw1 LAST DEPLOYED: Mon Jun 24 22:51:29 2024 NAMESPACE: test-anijhawan-helm-2 STATUS: deployed REVISION: 4 [centos@dev-server-anijhawan-4 yugaware]$ kubectl get secrets -n test-anijhawan-helm-2 yw1-yugaware-tls-pem -o yaml apiVersion: v1 data: ca.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU9SWGhrbnR1K3Q3RXNXclIyeUErdDR3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmJHOWpZV3hvYjNOME1CNFhEVEkwTURZeU5ESXlOVEV5T0ZvWERUTTBNRFl5TWpJeQpOVEV5T0Zvd0ZERVNNQkFHQTFVRUF4TUpiRzlqWVd4b2IzTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF2ZXFOREVCNXpIbTdBd05GNVhtY0xaOVd2NXBZOUMzeXMyS2J5S0pncEJ6ZWhwcEIKK3BVVjQrd21NRFppRUxrb2p4WHZ3Sy9lNitIQWNNc2JNRE5RczNHeklCbytUQjFycUZXOVBFOG95UUUrd05JZQp6MHhWdzl4OWFkS01adFQ5U3dJZzJCbnFPUWxBekViU1dHbVErR0hueW1PbDhONlJsK3VSMDJNRStKR05FREhVCjB6Sy82YWg2RmR5YWZ3V2U1akNzU2JtSStIV0FGNVRDQzB0RGNxeHg2TVhPam5qb1pndEZhV1I1bkllTkowM24KOE5oam5xN0x6Zjgyc1JKKzUyaS82RHJ3UUpKQ3l6V1pEaDdWeGs1YmxjaGt6S09RN3pjMHJVWVlHZDJqOVRSOApIclNKM2VGaHVtMW45cExwcDdva2NybXRDT1BiWXB3K2lBa3R3UUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGQUxSWnhOUWNiYkdhZnRQc1VqWXU4bEx5ZHBtTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQUlnS2k5R1UzMTczbDlvWGdVSGM1SGVzRDdXUzJnRnR2MWVjTEt0Sy9wcCthSzZkOVNaeW5PCjJuMHNHU1hQWjBFU1dIeVNKQlE3elZOOWlnV051TnBzcmdhWFhOczE1VkY4bFVHS3NoR2NkRmdxTHFZU25nQXQKRE5wcHRVL3FVUVEvVEpQdHlVcHl1U1RvYis4RlRIeXBEekJxbGhCbkREZHhEZ2pBcURHaXp3TWhuSXZlZ3l5RQpWcG1tVUF0RXdwL3RyUWVOT1Roazh6YnV1VE9sN3JvZE5OMFdLakdVN2ppTEwybEwrNFhmZkg3OHBwMS91NURtCmhHQ211cFROcEd2Mkhzejg2QUwvMzhyN04xS1U3SlJkd2VBemMycmFtM1hqLzZZNnJURGwrNXF0ZTRIL1o1RmoKeWF6alZUZ3ozSHNuTzhiY2p2b2tSMVRxNWp4MThpZW8KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= server.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBMFhGVVJXZThLL1JpeUJoVTFyazFyU2YxS1I3MGNhMDRuUXphSk43akR2L0taR0hXCk45dU1Nbm9CUHJmQXlWcUpmTmJTRkFHaEY4NFpNcVIyYktYb0lweUJteHpwRlF3ZXZoelFLWDNVc09YRkNOTTcKcUNMOFhNaXQxWXVBUDVRZUhNcEFOekVld2F3bWpnYmV1YkEvRnYrN1RCTU1iL243Y1JYbmlSeWIycytrem52TQorc1RJQVBmMVYrZTZyMWt1S2lqeUtRNnlwTnZ5Z1EzZ0FMMVY3dWI5dG5XVmlSUE8xZkRjMGFZb2l2Q2s5Y1dyCkdXeU4vUTlhVWFTMDhncG0yTUZsSDlXd3VRMnNMZ3dSSkdBRFJUUGN1QUFzT1N3aFFZUlpYTVlXMHZWa0tGamkKbjZ5bytjY3M2NkdhKy9hbEtYa2hxN3JIajN3Rlg2K0c4VWVKWXdJREFRQUJBb0lCQURta2ZESUI0OXNoRHBMTgpoNFAxUTEyZHNxNlhrMlU1N0d2azNxRHBLd3Ewd1lveEZ4a1dkcFpwMTYvZ09OSHg5Z2NDeEp5MitoUW9KKzAxCk1GYWtycWZmOVJld3RFR1RyVjViWmJzVm81VHdGL05lMTN0bDdaakhybmdvUmFxNTVETytRa0F1WjYyYjZKeU0KTFg1amtHbVBCb2hnY2JyYnpTVUpoMGpJTStqYlgxdkp2MERFWlY2cVhmOHRVVHhpdFkvQmI2QW5qalpHS3VWSgowT0V5cGw0TW4zV1hKMHQxRjJ3TWtXaHFhS2hGc29tYUV0YjhJUDRlT0pBZFlIL0Ruc0lXTFVDSkQ2ZEdZTUtWCk5MOGlFZjNXeGhISmhkTjdzNUtPOWFraWlQejU2Sk5RYURRZFdjSjRqell2ZnBNdXBzc1JndCt5SWJwRHd5V2sKM2VPYVJDRUNnWUVBOTdubUFyellCalljQXZSTjVqRzFKOFZTK3YzdG5UcGREMW1aak55ZVFjVzd3YmxKUmw0OAo3N1N4eDkxKzRMeXBpbWZTdCtLcDd4a3kvazZGUHRwZHhwTXJaRXJ1azMybTN4d2RrT1VTdlBGYnpNY1ZZOEZiCnBtMHJFVGJDbFNmTVBCZExtNTZtUGpzcWl3UmtkQ0c3WUdRNmkxUTZzVFFFZmkrdU85SmcrM01DZ1lFQTJIQVoKc3htVTErUGUvU3NGNERmczNVeGxPWWJiT0dQY3MzSGZaUTF5bFNiSTJ1Zk55UUdJTnljMUo0aGNIc09WMlhYLwpKbG5DdjZ3cUN1RkYrUGJ0NUhrOFFYd3RkMmp1c3ZEeWpqVmE2WmRuL3NtMUgrbExaQXZEMnJSZC8raVRWMC9tCklDWjFYYVdkQlNpc1NXY21yTVJVOFRCRlN6RS85Tm4zY3prOW5sRUNnWUVBZ0pBOXl0WHUxdXBtQnpKNjZ5aUkKOTZiMHRjWHE5MW8reWFTYWgveEhOYU5GR2ZqckNsWUdFZkVaQXJ6MUIvVmhsNjdpTVFTMVpKMFRWZCt5VHpoTQp5cTIrSzBLb0ptdGptdzZnV1g1SkJ6M0xncThmYnJIK3VwU1ZjVTJXRm9xYzkrS3ZIb2hyaG9oMlA4ZDd5cmxtCjRWT2kvb1FzSWFMNVlmT2szTzhGM2ZrQ2dZQTBoRTdZRkZiM1k0VlI3TVNLT1VleUVyMWxEZ0hYVnZQUVhzc1QKM0FWM2gyZXBKaUhhcWhLQlAzUTRXVy93endobk1haHRoODRuY0FEcmp1bkpsVEQ0QlNySHdQZlBSNWpUdG45RQpYbEhtNkNRRndLL0FSSDFVa3o0OHJSTTU2eGNGVW8vR01VNjlJRmhQVGlVdjBtV2graW1hTkZvNytvRklTak11CnRDN3RZUUtCZ0NRb1RaSmVEQ3ZDYXVpdEJYUTc1dTBUcDFKNzBhRUNhdCtXQkwwcDc4U0liSjdSNmZsL2JYNlMKUXVXYURvMFZ1T1dZRndzUWk5NXRqZ0N2N1ErTlNJdUdDU1ZXZDM5NlY0TFhrL093eG1uZXp0M2tCbnlFWFo3Nwo5c09YK1ZJNG5YNUdXdkRSWFcrZFBaamxiTlkraVRxcThWMXFZWGtab1BRODJzakdsdG5HCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJQzhUQ0NBZG1nQXdJQkFnSVFIcS9vT3kvT2FKSmFmRUlnNGhTalNEQU5CZ2txaGtpRzl3MEJBUXNGQURBVQpNUkl3RUFZRFZRUURFd2xzYjJOaGJHaHZjM1F3SGhjTk1qUXdOakkwTWpJMU1USTVXaGNOTXpRd05qSXlNakkxCk1USTVXakFVTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2YzNRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFEUmNWUkZaN3dyOUdMSUdGVFd1VFd0Si9VcEh2UnhyVGlkRE5vazN1TU8vOHBrWWRZMwoyNHd5ZWdFK3Q4REpXb2w4MXRJVUFhRVh6aGt5cEhac3BlZ2luSUdiSE9rVkRCNitITkFwZmRTdzVjVUkwenVvCkl2eGN5SzNWaTRBL2xCNGN5a0EzTVI3QnJDYU9CdDY1c0Q4Vy83dE1Fd3h2K2Z0eEZlZUpISnZhejZUT2U4ejYKeE1nQTkvVlg1N3F2V1M0cUtQSXBEcktrMi9LQkRlQUF2Vlh1NXYyMmRaV0pFODdWOE56UnBpaUs4S1QxeGFzWgpiSTM5RDFwUnBMVHlDbWJZd1dVZjFiQzVEYXd1REJFa1lBTkZNOXk0QUN3NUxDRkJoRmxjeGhiUzlXUW9XT0tmCnJLajV4eXpyb1pyNzlxVXBlU0dydXNlUGZBVmZyNGJ4UjRsakFnTUJBQUdqUHpBOU1BNEdBMVVkRHdFQi93UUUKQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJdwpBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBcmx3M2FEVXg5MXl4Smw5VVExaDFwUm9mQ0RjV2hzNnhIWkw3ClpXaGlDbWx4Y2lqbmo4MEpZUDlDczRGalIwQkdEUWcwaHBIRG9qT2hXNkF6TmgrNjZzQWVrRHNrTDJzSHVGR2kKVTVwQUMxYnRPWmdlb3drUVNydDZLV240RXpYVUFJL1E3bkwyaTUrakhBTnV3dXRaaDdyc3JQdHowYkQ0QjFHUApudE9sSHFhR2NUeFdBNzVjZHVmOVo4ZG5ueVBaRVpoVW5wUWo4eWl6ZC9qeTVnM2N5Rk9aamU4MmJtSzJmR3lzCnZXNHQ1ZllCNHJMM3VXVWYyUkNPeWFnZk91TCt1L0tLR0swZzRzZ3BNelR5cEh0V1RTeE1BSyt1Q2hESjVNSXAKSCt3dHdoK3loQnQvbU9qYTJXK1B5b1M1QkNjRGZJQUhNTHp0dW85VGFaL3pnN1ljaFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== kind: Secret metadata: annotations: meta.helm.sh/release-name: yw1 meta.helm.sh/release-namespace: test-anijhawan-helm-2 creationTimestamp: "2024-06-24T22:21:03Z" labels: app: yugaware app.kubernetes.io/managed-by: Helm chart: yugaware heritage: Helm release: yw1 name: yw1-yugaware-tls-pem namespace: test-anijhawan-helm-2 resourceVersion: "208271815" uid: e1f4a484-4e25-4a3d-8960-3faeb5597196 type: Opaque ``` ==== Generated some more ``` populated all values. stable/yugaware/values.yaml --- YAML 270 memory: 4Gi 270 memory: 4Gi 271 271 272 tls: 272 tls: 273 enabled: false 273 enabled: true 274 hostname: "localhost" 274 hostname: "localhost" 275 ## Expects base 64 encoded values for certificate and key. 275 ## Expects base 64 encoded values for certificate and key. 276 certificate: "" 276 certificate: "foobar" 277 key: "" 277 key: "foobar" 278 ca_certificate: "" 278 ca_certificate: "foobar" 279 ca_key: "" 279 ca_key: "foobar" 280 sslProtocols: "" # if set, override default Nginx SSL protocols setting 280 sslProtocols: "" # if set, override default Nginx SSL protocols setting 281 ## cert-manager values 281 ## cert-manager values 282 ## If cert-manager is enabled: 282 ## If cert-manager is enabled: ``` ``` # Source: yugaware/templates/configs.yaml apiVersion: v1 kind: Secret metadata: name: release-name-yugaware-tls-pem labels: app: "yugaware" chart: "yugaware" release: "release-name" heritage: "Helm" type: Opaque data: ca.pem: aWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQKaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQ= server.pem: aWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQKaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQ= --- ``` ``` tls.enabled, ca_certificate empty. [centos@dev-server-anijhawan-4 yugaware]$ git diff stable/yugaware/values.yaml --- YAML 270 memory: 4Gi 270 memory: 4Gi 271 271 272 tls: 272 tls: 273 enabled: false 273 enabled: true 274 hostname: "localhost" 274 hostname: "localhost" 275 ## Expects base 64 encoded values for certificate and key. 275 ## Expects base 64 encoded values for certificate and key. 276 certificate: "" 276 certificate: "foobar" 277 key: "" 277 key: "foobar" 278 ca_certificate: "" 278 ca_certificate: "" 279 ca_key: "" 279 ca_key: "" 280 sslProtocols: "" # if set, override default Nginx SSL protocols setting 280 sslProtocols: "" # if set, override default Nginx SSL protocols setting ``` ``` type: Opaque data: server.pem: aWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQKaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDQ= ``` Generated helm template and checked that ca.pem was generated along with server.pem. ``` # Source: yugaware/templates/configs.yaml apiVersion: v1 kind: Secret metadata: name: release-name-yugaware-tls-pem labels: app: "yugaware" chart: "yugaware" release: "release-name" heritage: "Helm" type: Opaque data: server.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdG1ldGxETWppZkNQdmJ1bmkrZWlIRFVxQ0I4Nm8weSszZjg2R3Z1WnNPVTdlUkdzCmFyd1c1ZUhMRi9xWVN6czJubjlmWmdNWEZUY3oxMjRwdkNiWFQzV3BQK3J1MWdFVVR5aWhzZjE5MlJETFZwVUUKWXMvQ3g5aFRsRjJQL0Zvai9BMzlaWElpQ0l2VlJ2dlcvd3BDWG5oOHpXQ3ZLcnFsbEN1cWtmZlliKzJGVzdOegpCM09GWDFVM1l0dFU5T0R1Rm1wcTNyTzBrOGhycUpQSzVHa0hibWpiMmkvZGtEckxhcXpwK1Nkb2ZUMHhlWHEwCnczSng4WlJ5QkUvNm5pWmhVN1JZM0Z6RS9IV0FtVjhUZHdNWFRzLzRpUkpXM0lzYzJSRDF0Uk9oVCt4dzQ5NDMKdU5teDFVeUkvZTVpekxhRWk2eXJkQW9rQkZGQUEvbUdmaUNhdHdJREFRQUJBb0lCQUE4VHFNUk1LYzdZQkhtUgpUanNCTFdRWmZOem8vK2JKakNrN1ZHa3dqTGFUYkFRSTB2Q0xsWFR3NGVHY2hBUUw0K3JiNmwyN09hZzJST0cwCnFGeDE5V3dLOUs5azB0TDdpZHMxSjVCWHZKUTVrQ1VhOGg3Y3YyUFhYS2t4eHBuOE5XYzdITXZLMEVkV2o0MXIKZVl6aEl6VTl6a3NIaDlNSFZISlgzYVJ0RVFYSFAyY1pQN3dFYVRIT2xHVUtSR3pYYzBRQ3BQVy9BSk4xTDNTVgpaRmZqS0wzbnBQTGRqR1JCbzcwcHJTYkJwdUliU1BObzdzR2tvWVR2MEFOakh1eG1jY1gwamhraGRma3dQeFpoCm81M2JUZDJhempVT2FQRHRFWFJBRzZEUk9ZWUdGWVVzSnZsOGRKeUVHR25EWVB0czJKK21BQUFMaDNLcnV0MEwKTERtMThaRUNnWUVBeW5KajNMQ1JRbXZGWG0wWk1ZWFJzbFNBTUdtM2QxaE16aStOZHR2N3d3WUpVaFZMTTQwSwp4NVNxcThiczV4ZE5EN1Rrd2YxUHBsUmF6VkI4RXh5WXV4S2pDYVI2OGR6bEdLVmpvSG5pTkh3VzdTU0lPU3pVCkQrZ2lhbFVPaUQ1aUd0SEZycEMzT2U5VFIrYVp6a1k2dloyVUY2cERZSXgzN0VjS2JBNXYwTzhDZ1lFQTVxZ1EKTEkvZThZTzJIaEh3d3J6T1M0VWxCUDB2dkdJeTczbzJvVW1ldDU4SWZxT2xtK1F2TmprWEtlYmNQZFJydGVRUQp4QUlLbzNiNkxXbUg1ZFBRTG05RllzeFhvck1rZEU0ZUN1YmZsblVlZUd6SDFmcXFzcldZZmdFaHJGeW5JMlcyCk94cEVmVzNQRGo5ZVI3MURyY1BkVk9LRDBuQ1FEUXpBaW5IYlFya0NnWUVBdlZmVmZJQUxxL0srQ3YzQTFXZVMKWTliU2VmVTJLY0lGTzhhUDZiMy9yenlERlNsalIxaS8zMEIxaSttbWd0QnhPNkoxWGRZOFc1V0R3NGxtTWozSgp2eFhFTk8ySUs1UHRGV3NDVGdJUkJnT1ZNY0M4UTdWZ3RXdm9YRWtuS1ZnblMyd3RGb0sxUzlOQnNmckVtWDluCnl4YUpmc1M0OWFFTFBJcUkvZDFXeVRNQ2dZRUEzY3hHb1ZOSG94NXdoY0hpcnFBNEQ4N2Nwa3VCRjdtbUdUcUEKUmVBeFM0a1Y5aEVQTXpUZFlWck10M0pUM3ZEaEVtdFk0K0xDc0NXOHRPYUIwN00yd1RBbW5MYTZucTE5SklucAp3Ym40endtWVgxemJYUnhLQU1jMitCUEdlYVF1NUk3dUNTOWRKTy91NTFod0pMUU8zSTAzekdSMU5tc2ZXaTBsCkNQd3JSNkVDZ1lFQWtoYWN6V1RlN0xvNTB4Qzc2L0FyZ0pETCtnU096NGJxZUJmWlptajdJazdUNTljYWZic2gKVHpNdk5pS1B4WmVMRVhWd1hsekE3dG0zNWZGQVk5eitEMXhnYUR0V0NSbWpuL1hCRkMyZDVmek1BTXc4YzYwWgpsd3JnOWFrRnZZOHhxMU41NzU2Wkw5VmQ1eE01VUVlblJWN0wzNzluYzNuREY0T1Zab1ZTVEYwPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQoKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4VENDQWRtZ0F3SUJBZ0lRSGZYQkM3Y0hwc01vR0M1UmJ3Nko0ekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2YzNRd0hoY05NalF3TmpJeE1qSTFNVE0yV2hjTk1qVXdOakl4TWpJMQpNVE0yV2pBVU1SSXdFQVlEVlFRREV3bHNiMk5oYkdodmMzUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJaNjJVTXlPSjhJKzl1NmVMNTZJY05Tb0lIenFqVEw3ZC96b2ErNW13NVR0NUVheHEKdkJibDRjc1grcGhMT3phZWYxOW1BeGNWTnpQWGJpbThKdGRQZGFrLzZ1N1dBUlJQS0tHeC9YM1pFTXRXbFFSaQp6OExIMkZPVVhZLzhXaVA4RGYxbGNpSUlpOVZHKzliL0NrSmVlSHpOWUs4cXVxV1VLNnFSOTlodjdZVmJzM01ICmM0VmZWVGRpMjFUMDRPNFdhbXJlczdTVHlHdW9rOHJrYVFkdWFOdmFMOTJRT3N0cXJPbjVKMmg5UFRGNWVyVEQKY25IeGxISUVUL3FlSm1GVHRGamNYTVQ4ZFlDWlh4TjNBeGRPei9pSkVsYmNpeHpaRVBXMUU2RlA3SERqM2plNAoyYkhWVElqOTdtTE10b1NMckt0MENpUUVVVUFEK1laK0lKcTNBZ01CQUFHalB6QTlNQTRHQTFVZER3RUIvd1FFCkF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXcKQURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWxoT3JrWUVIblF0dXk1OTJueHhOVlpJdlhFaHg4UDFPakZSRQpXZDQ5YWpVUTlOMk84MlMrblZWMHBoWVFXTExCeTZQYi9jcTlPRXVta1dKR3Q2eElQNGc1Y013UklmWUFlM2Z0CllUdDNqRFcvN0JPNExLYXlJR2RpaXBoWmQ3MjNxNThVSTVxMHZXNDQ4blhSckJHMFRJeXNVK0FZb0I2dm8ycEYKd3NkcjZUS2JUcG9Kdm41cjFORzZUcmxieDNaRXJaK1NOakZibER1Y01VMTQ0TjVna25waFNPb1YzK3VCdnpoVQpXZW9wdUFNQ1ZsQm9KdDVGRE9tQmJTV1JYUlFJRG5ZQUVsMDdDQnpyUXVhVSs0K2xDdnZNYnNUNkNIR0Q5NnJVCjg3dERuczFHZW5CNDFwaWZxQkNWaC9tN0x3RlVZdG9ZTFMrdlYweDIraXFqaFF4Ykh3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= ca.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeE1OdEpoa1J2OFlEdHdpWDJ6Zk9jK1JuVVZWUUVHYU5sdU1BUlBVNS9BcDduTlNKClE4TDNGYWRqZmJ0Qlc1d1VDNHZWRzZLRDZ2N2pvNWZ1am1tRmtmMlZKQkIyZVNMb2RlUnhNRE4xcHFnQUpPc28KazNNWE9BazY4VEVIRjRUeGNFYXkreVFUcVhHUkEzRlBSalcvZnVlQUMyWXJWQVVWdndveXg1WUlpWnZVUHUxdQpSa2N0T3RVQ2RyWmRybTdnRFVZdU1rVFEvcGNoYThuanp0Vnl5SHk5QWtjK3dYTmx1RU85bjRpazRMTCtyZmdoCjlxTk82V0I2RGJsZXliTGsxRmViakVGaktjZm5PeWZhNFdNOHVhMG9mVHFlNncvNDZQNllTMkk1dWc5dnlFUTgKUjBwd3dHTEZkeHVOcm1uMzJOa2NEU0dPNXpZd2RIWmJVK0RJNlFJREFRQUJBb0lCQUFPenJZMEc4YmVLOFN6egpZM0FEWjhYMGFTRTFtckVFVE91bXo2MThjNS9UVHFvUHNabHR4SnBLc090L3AyWWkxSm0zQXNablUxWUxmNXJuClU5eW9EWlJHa2hUQW5vbis1eUs0cm94Nm0xOE1VQnhodER5NThKamtTNUNZSElzTHZFTWhnV0tLTmpoODQzNk8KRmpDNitDUmFGS1dpUVhSdU9BK0ZFSm1Dc0J4dW9xZ2U5RTRvcTZNTFhZMmt4eE43d0VQc28wcmUzZWtwc1lPeApiTHd6VlR5TEViSk5wcXBJM08zQ2c4SjRuaHZoZTJSUjZXWG9ZYW4xbFpFWHo0M1NYUzBhTUJJVWpiaEU0ZjM2Ck00Nk1mY3hJZUhXQUIwNVdhazR2THZHUzNFSkhrUUN6SDFHbnVUbittU2xudms3emNEV1BpbzQ1NHVHbFBrbWgKNWJZSCtKRUNnWUVBNVplbThlSi9Rbk5ES2g1aEgyNHdBZzl6Kzc3b051bzE5NTFESkY3ZnhUdW5CYUZEQ0JiTwpYQWV1eGNBeGFpUlZQbWhMUVdZOWxWL1RLemg5WS9QeDg5N3o2bmhCOGhEQmpVVHowY042MVdYQ2k1MmM3QW9rCmpDajZ2Y2RWUkt4L1NkMnNDelROMVV4ak1rYTJSUXBCcG9pNTVMcTRTdjc5dU5sUFpveUhNVzBDZ1lFQTIyVWYKeDRhcXIwQXkxa1JWRi81MitrdXpOMVA2TzgveUp0SGNhRkF0Mm13c3FTN29NTjNSYk0zNDcxemY3dG1FdWtyTgppRnlKaG1RZzBiUHZwY2tiRE9RVXdrRldla1Vmb0pVejdMbG9iM2pSVmhSMWRjTGZQOGRqVlhxL2pHR3YyeDNhCkFTaEhSY05ZMGhrcFZ3ZmVrL1hiZ2JNU2RNdkFEeko0c0VjYXcrMENnWUVBc2ZtOFJWZVIxUDRxdTVTdkwwRW8KWUFDQXBVOFpEYkREUXY2YWxMQWpBTzY4QzZZMW95aWlzVDZYWWQ0WnNERVlEM2VqbHIvZHoxUm9DdUlRZVpJYQpKalRYbWhPODh4dkFIbldzR0JoVHVPYllSNGhYbzdZOUhKV0x3ZCtxbnNDbEw2cHgrb0hsYVlwOGZ2WEh4MzhxCjR5Q3NFYjRZckxJOEZyWUdVZlZ2dTRVQ2dZQXZiUm5Fa1BqZXIzc04xSEdzb1NacER1b3I0S3hzTjVSNkRjMmUKZ3c2V2MrSG5wS3N1dlJTamQ1Y0RiMGs5SWFwT2R4TWRFaHZzZ0VLVDhsaXd0dHR4R3ZEZDJTL3ZlSGZReDlBVQpzVFBCUFJYTGpOcWpYVC9UVXEvSGI2UnVuVU5kazRObjBxUXRrWC9tMHVlYjE2aW14WFB4QXB2UHdhZS80VUl6Cm9QdEpOUUtCZ0ZidVhBcEZ0NlhXMTkxdWUyN3VITmcxSjV4aTkvZUdlVGpQYTBlZ0xlL0o3aGgzREVBTjFRNk0KcjVhN1N1NWM3YnAxdXdYMDZFNFdGR3N0VDFSNStpZWdDRmN2SXRCVVQvSG52UUhwcFBnVTFHRW5idWpLR1NaaQp3SndwTGNZN0dqSk1VVXNMM1k4TDZ0YmUwTXVGclNYRjVBcEFjZjlLQWNROW9ta3l2T21MCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJREV6Q0NBZnVnQXdJQkFnSVFQbGY5WHJ5bGN3d2g5NWFXT2hHZy9EQU5CZ2txaGtpRzl3MEJBUXNGQURBVQpNUkl3RUFZRFZRUURFd2xzYjJOaGJHaHZjM1F3SGhjTk1qUXdOakl4TWpJMU1UTTJXaGNOTXpRd05qRTVNakkxCk1UTTJXakFVTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2YzNRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFERXcyMG1HUkcveGdPM0NKZmJOODV6NUdkUlZWQVFabzJXNHdCRTlUbjhDbnVjMUlsRAp3dmNWcDJOOXUwRmJuQlFMaTlVYm9vUHEvdU9qbCs2T2FZV1IvWlVrRUhaNUl1aDE1SEV3TTNXbXFBQWs2eWlUCmN4YzRDVHJ4TVFjWGhQRndSckw3SkJPcGNaRURjVTlHTmI5KzU0QUxaaXRVQlJXL0NqTEhsZ2lKbTlRKzdXNUcKUnkwNjFRSjJ0bDJ1YnVBTlJpNHlSTkQrbHlGcnllUE8xWExJZkwwQ1J6N0JjMlc0UTcyZmlLVGdzdjZ0K0NIMgpvMDdwWUhvTnVWN0pzdVRVVjV1TVFXTXB4K2M3SjlyaFl6eTVyU2g5T3A3ckQvam8vcGhMWWptNkQyL0lSRHhIClNuREFZc1YzRzQydWFmZlkyUndOSVk3bk5qQjBkbHRUNE1qcEFnTUJBQUdqWVRCZk1BNEdBMVVkRHdFQi93UUUKQXdJQ3BEQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVdwpBd0VCL3pBZEJnTlZIUTRFRmdRVU1UYWlpbDlhY1BMTXFLMDRjRno3OTU5Y3RQb3dEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0VCQUF1ZU0ySnRUM2tsOGJqS1hNS2hRaGRNY1JHK3hKUjJueU9PT2l3L2RnR1ZodGtNTFBncmJoWDcKNTZRSFhvUHFzbmM2REVXeDNRTjRrS3dEaFRDYjFMOXJiNWlxaTJXQ0FhejkxeGRuOTJqMW1rK0F5ZDRzRzcxWQptblBqQVZkb3BEYnB1d1pXMXJwUlJsUGRqV3U4MkFOV2RwOHhtemtWUlN2azd1WTVDUG9xNGFBdlRJbzgrbTVVCjhYdkpiZDdhOGdiWFMrU2locjAvUlg1ZW95QXRWNWRjSVZiamkxWmVjUVpESE9MZm9VUTdRR3FKWVZZOCthQWUKQ0tIOWdEWS9UeUx1NGVnNHlsdjdxeXNyNVdFMWRMaUMzbG1WaG1VcHhrdjVtTkR6dVNiSFNCc3RLK0Uya2loSgpQRk5pZmdTS1N6YW5PbkZWWVVvQjNaZVA5K0lsZS9FPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== ``` Reviewers: sanketh, muthu, bgandhi, dshubin Reviewed By: muthu, dshubin Subscribers: dshubin, yugaware Differential Revision: https://phorge.dev.yugabyte.com/D36069 --- stable/yugaware/templates/_helpers.tpl | 34 ++++++++++++++++------ stable/yugaware/templates/statefulset.yaml | 3 -- stable/yugaware/values.yaml | 7 ++++- 3 files changed, 31 insertions(+), 13 deletions(-) diff --git a/stable/yugaware/templates/_helpers.tpl b/stable/yugaware/templates/_helpers.tpl index b995b6e83e..dc7c250894 100644 --- a/stable/yugaware/templates/_helpers.tpl +++ b/stable/yugaware/templates/_helpers.tpl @@ -143,15 +143,21 @@ Get or generate server cert and key {{- if and $root.Values.tls.certificate $root.Values.tls.key -}} server.key: {{ $root.Values.tls.key }} server.crt: {{ $root.Values.tls.certificate }} + {{- if $root.Values.tls.ca_certificate -}} +ca.crt: {{ $root.Values.tls.ca_certificate }} + {{- end -}} {{- else -}} {{- $result := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $result -}} + {{- if and $result (index $result "server.pem") (index $result "ca.pem") -}} server.key: {{ index $result "server.key" }} server.crt: {{ index $result "server.crt" }} +ca.crt: {{ index $result "ca.crt" }} {{- else -}} - {{- $cert := genSelfSignedCert $root.Values.tls.hostname nil nil 3560 -}} + {{- $caCert := genCA $root.Values.tls.hostname 3650 -}} + {{- $cert := genSignedCert $root.Values.tls.hostname nil nil 3650 $caCert -}} server.key: {{ $cert.Key | b64enc }} server.crt: {{ $cert.Cert | b64enc }} +ca.crt: {{ $caCert.Cert | b64enc }} {{- end -}} {{- end -}} {{- end -}} @@ -166,17 +172,27 @@ Get or generate server key cert in pem format {{- $decodedCert := $root.Values.tls.certificate | b64dec -}} {{- $serverPemContentTemp := ( printf "%s\n%s" $decodedKey $decodedCert ) -}} {{- $serverPemContent := $serverPemContentTemp | b64enc -}} + {{- if $root.Values.tls.ca_certificate -}} + {{- $caPemContent := $root.Values.tls.ca_certificate -}} +ca.pem: {{ $caPemContent }} + {{- end}} server.pem: {{ $serverPemContent }} {{- else -}} {{- $result := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $result -}} -{{- $serverPemContent := ( index $result "server.pem" ) -}} -server.pem: {{ $serverPemContent }} + {{- if and $result (index $result "server.pem") (index $result "ca.pem") -}} + {{- $serverPemContent := ( index $result "server.pem" ) -}} + {{- $caPemContent := ( index $result "ca.pem" ) -}} + ca.pem: {{ $caPemContent }} + server.pem: {{ $serverPemContent }} {{- else -}} - {{- $cert := genSelfSignedCert $root.Values.tls.hostname nil nil 3560 -}} -{{- $serverPemContentTemp := ( printf "%s\n%s" $cert.Key $cert.Cert ) -}} -{{- $serverPemContent := $serverPemContentTemp | b64enc -}} + {{- $caCert := genCA $root.Values.tls.hostname 3650 -}} + {{- $cert := genSignedCert $root.Values.tls.hostname nil nil 3650 $caCert -}} + {{- $serverPemContentTemp := ( printf "%s\n%s" $cert.Key $cert.Cert ) -}} + {{- $serverPemContent := $serverPemContentTemp | b64enc -}} + {{- $caPemContentTemp := ( printf "%s" $caCert.Cert ) -}} + {{- $caPemContent := $caPemContentTemp | b64enc -}} server.pem: {{ $serverPemContent }} +ca.pem: {{ $caPemContent }} {{- end -}} {{- end -}} {{- end -}} @@ -274,4 +290,4 @@ Make list of custom http headers {{- end -}} {{- end -}} ] -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/yugaware/templates/statefulset.yaml b/stable/yugaware/templates/statefulset.yaml index 8073b72d92..48146cfe00 100644 --- a/stable/yugaware/templates/statefulset.yaml +++ b/stable/yugaware/templates/statefulset.yaml @@ -129,9 +129,6 @@ spec: - name: {{ .Release.Name }}-yugaware-tls-pem secret: secretName: {{ .Release.Name }}-yugaware-tls-pem - items: - - key: server.pem - path: server.pem {{- end }} {{- if .Values.prometheus.remoteWrite.tls.enabled }} - name: {{ .Release.Name }}-yugaware-prometheus-remote-write-tls diff --git a/stable/yugaware/values.yaml b/stable/yugaware/values.yaml index b6e75cbc50..ff9118c8c7 100644 --- a/stable/yugaware/values.yaml +++ b/stable/yugaware/values.yaml @@ -272,9 +272,14 @@ yugabytedb: tls: enabled: false hostname: "localhost" - ## Expects base 64 encoded values for certificate and key. + ## Expects base64 encoded certificate, key, and CA certificate. + ## Populate these for non-self-signed certificates. + ## All three values should be base64 encoded. + ## These will be used to create server.pem and ca.pem files. + ## Note: The validity of the provided certificates is not verified. certificate: "" key: "" + ca_certificate: "" sslProtocols: "" # if set, override default Nginx SSL protocols setting ## cert-manager values ## If cert-manager is enabled: