Skip to content

Commit

Permalink
Changed RabbitMQ TLS secret type to kubernetes.io/tls. Can use cert-m…
Browse files Browse the repository at this point in the history 
…anager created secrets with this chart now. (helm#20907)

Signed-off-by: Charalampos Kaidos <ckaidos@intracom-telecom.com>
Signed-off-by: Miguel Mingorance <miguel.mingorance@deliveryhero.com>
  • Loading branch information
@BabisK
BabisK authored and Miguel Mingorance committed Aug 28, 2020
1 parent 3b34958 commit d0e1e3a
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 9 deletions.
2 changes: 1 addition & 1 deletion stable/rabbitmq/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: rabbitmq
version: 6.18.0
version: 6.18.1
appVersion: 3.8.2
description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP)
keywords:
Expand Down
2 changes: 1 addition & 1 deletion stable/rabbitmq/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,7 @@ You must include in your values.yaml the caCertificate, serverCertificate and se
-----END RSA PRIVATE KEY-----
```

This will be generate a secret with the certs, but is possible specify an existing secret using `existingSecret: name-of-existing-secret-to-rabbitmq`
This will be generate a secret with the certs, but is possible specify an existing secret using `existingSecret: name-of-existing-secret-to-rabbitmq`. The secret is of type `kubernetes.io/tls`.

Disabling [failIfNoPeerCert](https://www.rabbitmq.com/ssl.html#peer-verification-configuration) allows a TLS connection if client fails to provide a certificate

Expand Down
8 changes: 4 additions & 4 deletions stable/rabbitmq/templates/certs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@ metadata:
chart: {{ template "rabbitmq.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
type: kubernetes.io/tls
data:
ca_certificate.pem:
ca.crt:
{{ required "A valid .Values.rabbitmq.tls.caCertificate entry required!" .Values.rabbitmq.tls.caCertificate | b64enc | quote }}
server_certificate.pem:
tls.crt:
{{ required "A valid .Values.rabbitmq.tls.serverCertificate entry required!" .Values.rabbitmq.tls.serverCertificate| b64enc | quote }}
server_key.pem:
tls.key:
{{ required "A valid .Values.rabbitmq.tls.serverKey entry required!" .Values.rabbitmq.tls.serverKey | b64enc | quote }}
{{- end }}
6 changes: 3 additions & 3 deletions stable/rabbitmq/templates/statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,11 +311,11 @@ spec:
secret:
secretName: {{ if .Values.rabbitmq.tls.existingSecret }}{{ .Values.rabbitmq.tls.existingSecret }}{{- else }}{{ template "rabbitmq.fullname" . }}-certs{{- end }}
items:
- key: ca_certificate.pem
- key: ca.crt
path: ca_certificate.pem
- key: server_certificate.pem
- key: tls.crt
path: server_certificate.pem
- key: server_key.pem
- key: tls.key
path: server_key.pem
{{- end }}
- name: config-volume
Expand Down

0 comments on commit d0e1e3a

Please sign in to comment.