Skip to content

Add support for ClusterIssuer for certificates #630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 16, 2025
Merged

Add support for ClusterIssuer for certificates #630

merged 2 commits into from
Sep 16, 2025

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Sep 15, 2025

Fixes #629

Motivation

Pulsar currently supports kind: Issuer issuers for certificates. There's also a need to support kind: ClusterIssuer.

Modifications

  • add kind and group keys to certs.issuers.ca key in values.yaml.
  • adapt the template to use these in the issuerRef for the certificate object

@lhotari lhotari mentioned this pull request Sep 15, 2025
Closed
jonrhartley
jonrhartley reviewed Sep 15, 2025
View reviewed changes
Copy link

@jonrhartley jonrhartley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still creates an Issuer that now is not required ?
All certs are signed by an outside ClusterIssuer
Which cert is used to supply the CA to the components ?
As our ClusterIssuer has a ca.crt in all certs

@lhotari
Copy link
Member Author

lhotari commented Sep 15, 2025

This still creates an Issuer that now is not required ?

I believe that changed with #565 so that it's not created unless certs.internal_issuer.enabled is set to true.

@lhotari lhotari requested a review from jonrhartley September 15, 2025 18:47
@lhotari
Copy link
Member Author

lhotari commented Sep 15, 2025

@jonrhartley I added extra validation in 2e7d3a3 so that misconfiguration would be caught.

jonrhartley
jonrhartley approved these changes Sep 16, 2025
View reviewed changes
Copy link

@jonrhartley jonrhartley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let looks good to me :)

@lhotari lhotari merged commit 5aad65c into apache:master Sep 16, 2025
33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@jonrhartley jonrhartley jonrhartley approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow use of ClusterIssuer for all component certs
2 participants
@lhotari @jonrhartley