Use external CA bundle for Client CA verification (#57)

palantir · Jun 20, 2024 · 7f33381 · 7f33381
1 parent a93a1eb
commit 7f33381
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/charts/beta/prometheus/Chart.yaml b/charts/beta/prometheus/Chart.yaml
@@ -12,7 +12,7 @@ description: A Prometheus chart that can be used with Palantir FedStart
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
-version: 25.21.0001
+version: 25.21.0002
 
 # Be aware that using helm dependencies has undesirable side affects, where you cannot remove
 # subchart config keys by setting them to null. If this type of configuration override is necessary,

diff --git a/charts/beta/prometheus/templates/prometheus/cm.yaml b/charts/beta/prometheus/templates/prometheus/cm.yaml
@@ -9,7 +9,7 @@ data:
     tls_server_config:
       cert_file: /mnt/secrets/certs/tls.crt
       key_file: /mnt/secrets/certs/tls.key
-      client_ca_file: /mnt/secrets/certs/ca.crt
+      client_ca_file: /etc/ssl/rubix-ca/ca.pem
       client_auth_type: VerifyClientCertIfGiven
       # required because Go's default for server is TLS v1.0 https://pkg.go.dev/crypto/tls#Config:~:text=and%20TLS%201.0%20when%20acting%20as%20a%20server
       min_version: "TLS12"