adopt newer top-level csr config section

Author: qrkourier

charts/ziti-router/templates/configmap.yaml

@@ -170,63 +170,72 @@ data:
       intervalAgeThreshold: 5s
     {{- end }}
     
-    edge:
-      csr:
-        {{- if .Values.csr.country }}
-        country: {{ .Values.csr.country }}
-        {{- end }}
-        {{- if .Values.csr.province }}
-        province: {{ .Values.csr.province }}
-        {{- end }}
-        {{- if .Values.csr.locality }}
-        locality: {{ .Values.csr.locality }}
-        {{- end }}
-        {{- if .Values.csr.organization }}
-        organization: {{ .Values.csr.organization }}
-        {{- end }}
-        {{- if .Values.csr.organizationalUnit }}
-        organizationalUnit: {{ .Values.csr.organizationalUnit }}
-        {{- end }}
-        sans:
-          dns:
-            {{- if eq (default false .Values.csr.sans.noDefaults) false }}
-            - localhost
-            {{- if .Values.advertisedHost }}
-            - {{ .Values.advertisedHost }}
-            {{- end }}
+    csr:
+      {{- if .Values.csr.country }}
+      country: {{ .Values.csr.country }}
+      {{- end }}
+      {{- if .Values.csr.province }}
+      province: {{ .Values.csr.province }}
+      {{- end }}
+      {{- if .Values.csr.locality }}
+      locality: {{ .Values.csr.locality }}
+      {{- end }}
+      {{- if .Values.csr.organization }}
+      organization: {{ .Values.csr.organization }}
+      {{- end }}
+      {{- if .Values.csr.organizationalUnit }}
+      organizationalUnit: {{ .Values.csr.organizationalUnit }}
+      {{- end }}
+      sans:
+        dns:
+          {{- if eq (default false .Values.csr.sans.noDefaults) false }}
+          - localhost
             {{- if and .Values.edge.enabled .Values.edge.advertisedHost }}
-            - {{ .Values.edge.advertisedHost }}
-            {{- end }}
-            {{- if and .Values.linkListeners.transport.service.enabled .Values.linkListeners.transport.advertisedHost }}
-            - {{ .Values.linkListeners.transport.advertisedHost }}
+          - {{ .Values.edge.advertisedHost }}
             {{- end }}
+            {{- if .Values.edge.additionalListeners }}
+              {{- range .Values.edge.additionalListeners }}
+          - {{ .advertisedHost }}
+              {{- end }}
             {{- end }}
-            {{- range .Values.csr.sans.dns }}
-            - {{ . | quote }}
+            {{- if and .Values.linkListeners.transport.service.enabled .Values.linkListeners.transport.advertisedHost }}
+          - {{ .Values.linkListeners.transport.advertisedHost }}
             {{- end }}
-          ip:
-            {{- if eq (default false .Values.csr.sans.noDefaults) false }}
-            - 127.0.0.1
+          {{- end }}  # end if .Values.csr.sans.noDefaults
+          {{- range .Values.csr.sans.dns }}
+          - {{ . | quote }}
+          {{- end }}
+        ip:
+          {{- if eq (default false .Values.csr.sans.noDefaults) false }}
+          - 127.0.0.1
             {{- if and .Values.edge.enabled  .Values.edge.service.enabled }}
-            {{- with .Values.edge.service.loadBalancerIP }}
-            - {{ . }}
-            {{- end }}
-            {{- with .Values.edge.service.externalIPs }}
-            {{- toYaml . | nindent 4 }}
-            {{- end }}
+              {{- with .Values.edge.service.loadBalancerIP }}
+          - {{ . }}
+              {{- end }}
+              {{- with .Values.edge.service.externalIPs }}
+                {{- toYaml . | nindent 4 }}
+              {{- end }}
             {{- end }}
             {{- if and .Values.linkListeners.transport.service.enabled  .Values.linkListeners.transport.service.enabled }}
-            {{- with .Values.linkListeners.transport.service.loadBalancerIP }}
-            - {{ . }}
-            {{- end }}
-            {{- with .Values.linkListeners.transport.service.externalIPs }}
-            {{- toYaml . | nindent 4 }}
-            {{- end }}
-            {{- end }}
-            {{- end }}
-            {{- range .Values.csr.sans.ip }}
-            - {{ . | quote }}
+              {{- with .Values.linkListeners.transport.service.loadBalancerIP }}
+          - {{ . }}
+              {{- end }}
+              {{- with .Values.linkListeners.transport.service.externalIPs }}
+                {{- toYaml . | nindent 4 }}
+              {{- end }}
             {{- end }}
+          {{- end }} # end if .Values.csr.sans.noDefaults
+          {{- range .Values.csr.sans.ip }}
+          - {{ . | quote }}
+          {{- end }}
+        email:
+          {{- range .Values.csr.sans.email }}
+          - {{ . | quote }}
+          {{- end }}
+        uri:
+          {{- range .Values.csr.sans.uri }}
+          - {{ . | quote }}
+          {{- end }}
 
     #transport:
     #  ws:

charts/ziti-router/values.yaml

@@ -9,22 +9,29 @@ ctrl:
 advertisedHost:
 
 
-# Certificate signing request basic data
+# -- Certificate signing request distinguished name and subject alternative names
 csr:
-  # country: US
-  # province: NC
-  # locality: Charlotte
-  # organization: NetFoundry
-  # organizationalUnit: Ziti
+  # -- country
+  country:
+  # -- state
+  province:
+  # -- city
+  locality:
+  # -- organization
+  organization:
+  # -- organizational unit
+  organizationalUnit:
   sans:
-  # # you could specify additional SANS here - configurations from advertise hosts and
-  # # service's will be collected automatically
-  # -- additional DNS SANs
+    # -- disable computing the SANs from the advertisedHost, etc.
+    noDefaults: false
+    # -- additional DNS SANs
     dns: []
-  #     - my.additional.host
-  # -- additional IP SANs
+    # -- additional IP SANs
     ip: []
-  #     - "192.168.10.0"
+    # -- additional email SANs
+    email: []
+    # -- additional URI SANs
+    uri: []
 
 
 # listen for router links