Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CN length limitation issue while using cert-manager #822

Merged
merged 5 commits into from
Jun 15, 2022

Conversation

panyuenlau
Copy link
Member

@panyuenlau panyuenlau commented Jun 13, 2022

Q A
Bug fix? yes
New feature? no
API breaks? no
Deprecations? no
Related tickets fixes #445
License Apache 2.0

What's in this PR?

Hash and limit the length of the generated CN for the controller if it exceeds the maximum supported length - 64 characters, reference: https://docs.digicert.com/manage-certificates/public-certificates-data-entries-that/#64character-maximum-limit-violation

Additional context

Tested with cert-manager (as well as csr-operator) using the same Kafka name and namespace as reported in #445

Checklist

  • Implementation tested
  • Error handling code meets the guideline
  • Logging code meets the guideline
  • User guide and development docs updated (if needed)

TODO

  • Fix following error when SSL is enabled:
    {"level":"info","ts":"2022-06-15T05:01:57.596Z","logger":"controller.KafkaCluster","msg":"A new resource was not found or may not be ready","reconciler group":"kafka.banzaicloud.io","reconciler kind":"KafkaCluster","name":"kafka-pushdelivery-stage-controller","namespace":"pushdelivery-stage","error":"checking secret data fields: SSL JKS certificate has not generated properly yet into secret: kafka-pushdelivery-stage-controller-server-certificate"}

@panyuenlau panyuenlau requested a review from a team as a code owner June 13, 2022 13:35
@panyuenlau panyuenlau changed the title Fix CN name length limitation Fix CN length limitation issue while using cert-manager Jun 13, 2022
pkg/util/pki/common.go Outdated Show resolved Hide resolved
pregnor
pregnor previously approved these changes Jun 14, 2022
pkg/util/pki/common.go Outdated Show resolved Hide resolved
pkg/util/pki/common.go Outdated Show resolved Hide resolved
pkg/util/util.go Outdated Show resolved Hide resolved
pregnor
pregnor previously approved these changes Jun 15, 2022
stoader
stoader previously approved these changes Jun 15, 2022
@panyuenlau panyuenlau merged commit 1ee7c9a into master Jun 15, 2022
@panyuenlau panyuenlau deleted the cn-name-length-limitation branch June 15, 2022 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Controller certificate CN too long
5 participants