[helm nats 1.x] add tlsCA option #763
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
4369503 to 1da663f
LGTM
Everything substantive looks good
- name: contexts | ||
mountPath: /etc/nats-contexts | ||
# contents secret |
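Review bot: the `# contents secret` line that closes this hunk is a YAML comment rather than a template comment, so Helm writes it into the rendered manifest whether or not the entry it labels is rendered. If it is only meant to mark a conditional block, consider a template comment (`{{- /* contents secret */}}`) or placing it inside the conditional, so the rendered volumeMounts list carries no label for a mount that is absent.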
Should this be within the template if below? Similarly for pid stuff below?
I've been in the habit of putting comments at the beginning of conditional blocks, because it helps me see balancing of the {{- if and {{- end braces between the comments
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* NATS 1.x Helm Chart (#704)
* nats-next helm chart Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* volume claim templates Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* persistence Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* load merge patch pattern Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* support nats config vars, units, and include Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* re-work jetstream values Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* reset merged values Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* separate jetstream config and pvc
* disable cluster advertisements by default
* tls Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* reloader Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* reorg config Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* nats box Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* nats protocol is always enabled Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* nest nats resources Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* un-nest nats Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* standardize pvc size Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* pvc names Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* allow overriding resource names Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* add websocket ingress Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* extra resources Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* update tplYaml Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* update extraResources example Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* test beginnings Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* more tests Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* default values test Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* ports test Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* port and config tests Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* tls test Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* resource merge/patch tests Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* global image section Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* nats box tests Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* includes test Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* extra resources test Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* rename nats-next to nats Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* fix nats-box test Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* fix linting Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* fix nindent check Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* bump test k8s versions Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* disable cluster and js by default Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* fix lint Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* CI updates Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* move ingress under config.websocket Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* remove cluster replica check gateways could be configured which would enable single replica cluster to work Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* upgrade to nats 2.9.16 Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* POD_NAME env var
* documentation Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* add optional service accounts Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* default enableServiceLinks: false service discovery uses DNS; don't need service env vars Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* fix lint Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* add global labels Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* nats-box non-polling sleep Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* add helpers for secretNames Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* make include example clearer Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* natsBox: only create contents secret if used Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* tls key does not support contents Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [nats helm 1.x] add Beta notice to README.md (#714)
* [nats helm 1.x] add Beta notice to README.md Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* bump to 1.0.0-beta.1 so this hits ArtifactHub Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [nats helm 1.x] remove break statement (#715)
* [nats helm 1.x] remove break statement Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* jsonpatch fix Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [nats helm 1.x] fix JS mount (#717)
* [nats helm 1.x] fix JS mount Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* default max_file_store to pvc size Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* remove 1.0.0-beta.3 fix (#719) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] leafnode -> leafnodes (#720) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] upgrade nats to 2.9.17 (#728) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] config.serverNamePrefix option (#732) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] config.cluster.routeURLs options (#746)
* [helm nats 1.x] config.cluster.routeURLs options Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* update comments Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] add pod disruption budget (#747) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] 0.x -> 1.x upgrade guide (#743)
* [helm nats 1.x] 0.x -> 1.x upgrade guide Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* add TLS considerations Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* update instructions Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] upgrade NATS to 2.9.19 (#749) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] add namespaceOverride (#755) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] publish 1.0.0-rc.0 (#756) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] remove tls.ca options (#758) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] add appProtocol to services (#762) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] add tlsCA option (#763) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* [helm nats 1.x] upgrade nats to 2.9.20 (#765) Signed-off-by: Caleb Lloyd <caleb@synadia.com>
* release 1.0.0 Signed-off-by: Caleb Lloyd <caleb@synadia.com>
---------
Signed-off-by: Caleb Lloyd <caleb@synadia.com>
Adds a root level tlsCA option that can mount a CA bundle from a ConfigMap or Secret
If this option is supplied, it will use the CA bundle in all NATS Server tls blocks, and all nats-box contexts
Meant to be used in conjunction with something like trust-manager
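A sketch of the pairing the description mentions, added here as an illustration and not taken from the PR or the chart's documentation: a trust-manager Bundle publishes a CA certificate into a ConfigMap, and the chart's tlsCA option mounts it. The resource names, the source Secret and the namespace are constructed; the tlsCA sub-keys (enabled, configMapName, key) are assumed from the chart's values layout and should be checked against the values.yaml of the chart version in use.

```yaml
# --- file: bundle.yaml (trust-manager, cluster-scoped) ---
# All names below are constructed for illustration.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: nats-ca                      # the target ConfigMap is created with this name
spec:
  sources:
    - secret:
        name: internal-root-ca       # hypothetical Secret in trust-manager's trust namespace
        key: ca.crt                  # public CA certificate only, never the CA private key
  target:
    configMap:
      key: ca.crt                    # key the bundle is written under
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: nats   # sync only into the namespace running NATS
---
# --- file: values.yaml (nats chart 1.x) ---
# Sub-key names are an assumption; verify against the chart's own values.yaml.
tlsCA:
  enabled: true
  configMapName: nats-ca             # ConfigMap produced by the Bundle above
  key: ca.crt                        # must match spec.target.configMap.key
```

Because the bundle holds only public certificates, a ConfigMap is sufficient; restricting the Bundle's namespaceSelector keeps the trust anchor from being distributed more widely than the workloads that need it.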