Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow custom CommonName when cluster_mtls: pki #804

Merged
merged 3 commits into from
May 19, 2023
Merged

Allow custom CommonName when cluster_mtls: pki #804

merged 3 commits into from
May 19, 2023

Conversation

mheap
Copy link
Member

@mheap mheap commented May 19, 2023
edited

What this PR does / why we need it:

The CommonName for the cluster certificate must be set to kong_clustering when running in cluster_mtls: shared mode. When running in cluster_mtls: pki mode it can be any value that a CA will accept.

I've also added some additional documentation. The existing README shows how to use hybrid mode with a shared certificate. When running with Cert Manager we need to switch to pki mode.

This PR adds example values.yaml files + a README for this specific use case as it's come up a few times.

Which issue this PR fixes

FTI-4396

Special notes for your reviewer:

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • PR is based off the current tip of the main branch.
  • Changes are documented under the "Unreleased" header in CHANGELOG.md
  • New or modified sections of values.yaml are documented in the README.md
  • Commits follow the Kong commit message guidelines

@mheap mheap requested a review from a team as a code owner May 19, 2023 12:04
@mheap mheap changed the title Hybrid mode pki Allow custom CommonName when cluster_mtls: pki May 19, 2023
@mheap
Copy link
Member Author

mheap commented May 19, 2023

@pmalek This is my first contribution to charts. What's the process for merge + release?

@pmalek
Copy link
Member

pmalek commented May 19, 2023

@pmalek This is my first contribution to charts. What's the process for merge + release?

You'd bump the version in

charts/charts/kong/Chart.yaml

Line 14 in 4a86260

version: 2.21.0
and edit the changelog accordingly. Upon merge chart-releaser will figure it out that a release is required due to a bumped version and will do so accordingly.

@mheap mheap requested a review from pmalek May 19, 2023 15:33
pmalek
pmalek approved these changes May 19, 2023
View reviewed changes
Copy link
Member

@pmalek pmalek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@mheap mheap enabled auto-merge (squash) May 19, 2023 15:52
@mheap mheap merged commit d5ccb32 into main May 19, 2023
12 checks passed
@mheap mheap deleted the hybrid-mode-pki branch May 19, 2023 15:52
pmalek pushed a commit that referenced this pull request May 25, 2023
@mheap @pmalek
feat(hybrid): Allow custom CommonName when cluster_mtls: pki (#804)
daa708e 
* feat(hybrid): Allow setting CommonName when using PKI for mTLS
* docs(hybrid): Add Hybrid mode w/ Cert Manager example
* Add changelog entry + bump chart version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pmalek pmalek pmalek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mheap @pmalek