'emqx' Helm chart ssl.existingName not working #9307

Closed
aventi-lasith opened this issue Nov 4, 2022 · 2 comments

@aventi-lasith

What happened?

I'm using Helm charts to deploy EMQX broker on Kubernetes and want to use an existing secret with a cert file and a keyfile. I am using the following values file.

emqxConfig:
  EMQX_CLUSTER__DISCOVERY_STRATEGY: k8s
  EMQX_CLUSTER__K8S__ADDRESS_TYPE: hostname
  EMQX_CLUSTER__K8S__APISERVER: https://kubernetes.default.svc:443
  EMQX_CLUSTER__K8S__NAMESPACE: '{{ .Release.Namespace }}'
  EMQX_CLUSTER__K8S__SERVICE_NAME: '{{ .Release.Name }}-headless'
  EMQX_CLUSTER__K8S__SUFFIX: svc.cluster.local
  EMQX_AUTHENTICATION__1__MECHANISM: password_based
  EMQX_AUTHENTICATION__1__BACKEND: built_in_database
  EMQX_AUTHENTICATION__1__USER_ID_TYPE: username
  EMQX_AUTHENTICATION__1__PASSWORD_HASH_ALGORITHM: "{name = sha256, salt_position = prefix}"
  EMQX_AUTHENTICATION__1__ENABLE: 'true'
  EMQX_LISTENERS__SSL__DEFAULT__SSL_OPTIONS__CERTFILE: /tmp/ssl/tls.crt
  EMQX_LISTENERS__SSL__DEFAULT__SSL_OPTIONS__KEYFILE: /tmp/ssl/tls.key
ingress:
  dashboard:
    annotations: 
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
      cert-manager.io/cluster-issuer: letsencrypt-production
      nginx.ingress.kubernetes.io/rewrite-target: /
      nginx.ingress.kubernetes.io/use-regex: "true"
    enabled: true
    hosts:
    - .....
    path: /emqx
    pathType: ImplementationSpecific
    tls: 
    - hosts:
      - .....
      secretName: custom-name
metrics:
  enabled: true
  type: prometheus
persistence:
  accessMode: ReadWriteOnce
  enabled: true
  size: 2Gi
  storageClassName: managed-premium
podManagementPolicy: Parallel
replicaCount: 3
resources:
  requests:
    cpu: '3'
    memory: 4Gi
  limits:
    cpu: '3'
    memory: 4Gi
service:
  dashboard: 18083
  mgmt: 8081
  mqtt: 1883
  mqttssl: 8883
  nodePorts:
    dashboard: null
    dashboardtls: null
    mgmt: null
    mqtt: null
    mqttssl: null
    ws: null
    wss: null
  type: ClusterIP
  ws: 8083
  wss: 8084
ssl:
  enabled: true
  useExisting: true
  existingName: custom-name

Chart version: 5.0.9

But the deployment gets created with the default secret name 'emqx-tls'.

    spec:
      volumes:
        - name: ssl-cert
          secret:
            secretName: emqx-tls
            defaultMode: 420

What did you expect to happen?

Deployment should have the following

    spec:
      volumes:
        - name: ssl-cert
          secret:
            secretName: custom-name
            defaultMode: 420

How can we reproduce it (as minimally and precisely as possible)?

Use the same Helm values file with the command,

helm upgrade --install emqx helm/emqx-5.0.9.tgz \
      --values emqx-values.yaml \
      --namespace mqtt \
      --create-namespace \
      --version 5.0.9 

Anything else we need to know?

No response

EMQX version

sysdescr  : EMQX
version   : 5.0.9
datetime  : 2022-11-04T12:31:00.815419460+00:00
uptime    : 33 minutes, 24 seconds

OS version

# On Linux:
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

$ uname -a
Linux emqx-2 5.4.0-1067-azure #70~18.04.1-Ubuntu SMP Thu Jan 13 19:46:01 UTC 2022 x86_64 GNU/Linux

Log files

N/A
@Gala-R
Contributor

Gala-R commented Nov 11, 2022

@aventi-lasith thanks for your feedback, we will fix this as soon as possible.

HJianBo added a commit to HJianBo/emqx that referenced this issue Nov 11, 2022
HJianBo added a commit that referenced this issue Nov 22, 2022
chore: fix the bad change logs introduced in #9307
@id
Collaborator

id commented Jan 4, 2023

Fixed by #9317
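
The check implied by this report, as an added example that is not part of the original thread or the EMQX project's code: it reads rendered manifests on stdin and compares the Secret mounted as the `ssl-cert` volume with the name set in `ssl.existingName`. The function names are hypothetical and the sample manifest is constructed from the snippet in the report.

```shell
# Added example (not chart code): check which Secret rendered manifests
# mount as the "ssl-cert" volume. Manifests are read from stdin.
# Assumes "- name:" is the first key of each list entry, as in the report.
ssl_cert_secret_names() {
  awk '
    function ind(line) { match(line, /^ */); return RLENGTH }
    /^---/ { in_vol = 0; next }
    /^ *- +name: */ {                      # start of a list entry
      name = $0; sub(/^ *- +name: */, "", name)
      gsub(/["'\'']|[ \t\r]+$/, "", name)
      in_vol = (name == "ssl-cert"); base = ind($0)
      next
    }
    in_vol && NF && ind($0) <= base { in_vol = 0 }   # left the entry
    in_vol && /^ *secretName: */ {
      s = $0; sub(/^ *secretName: */, "", s)
      gsub(/["'\'']|[ \t\r]+$/, "", s)
      print s; in_vol = 0
    }
  '
}

# Exit 0 only if every ssl-cert volume uses the expected Secret;
# exit 1 on a mismatch, 2 if no ssl-cert volume is rendered at all.
check_ssl_secret() {
  expected=$1
  found=$(ssl_cert_secret_names)
  [ -n "$found" ] || { echo "no ssl-cert volume found" >&2; return 2; }
  for s in $found; do
    [ "$s" = "$expected" ] && continue
    echo "ssl-cert mounts '$s', expected '$expected'" >&2
    return 1
  done
}

# Constructed sample: the rendering described in the report, plus a
# volumeMounts entry to show that mounts are not mistaken for volumes.
sample_manifest() {
  cat <<'EOF'
spec:
  containers:
    - name: emqx
      volumeMounts:
        - name: ssl-cert
          mountPath: /tmp/ssl
  volumes:
    - name: ssl-cert
      secret:
        secretName: emqx-tls
EOF
}
```

Against the chart from the report, pipe the output of `helm template emqx helm/emqx-5.0.9.tgz --values emqx-values.yaml` into `check_ssl_secret custom-name`; with the behaviour described in the issue it exits 1 and names `emqx-tls`.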
