[helm nats 1.x] add tlsCA option #763

Merged
merged 1 commit into from
Jul 14, 2023

caleblloyd
Contributor

Adds a root level tlsCA option that can mount a CA bundle from a ConfigMap or Secret

If this option is supplied, it will use the CA bundle in all NATS Server tls blocks, and all nats-box contexts

Meant to be used in conjunction with something like trust-manager
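
How the option pairs with trust-manager, shown as an added example that is not part of this pull request or the chart's own files. The `tlsCA` key names used here (`enabled`, `configMapName`, `key`) and every resource name are assumptions to check against the chart's `values.yaml`.

```yaml
# --- bundle.yaml (trust-manager) ---
# Bundle is cluster-scoped; trust-manager writes a ConfigMap with the
# same name as the Bundle into every namespace the selector matches.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: nats-ca                 # constructed name
spec:
  sources:
    - secret:
        name: nats-root-ca      # constructed; must exist in trust-manager's trust namespace
        key: ca.crt
  target:
    configMap:
      key: ca.crt               # key under which the PEM bundle is written
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: nats   # constructed namespace name
---
# --- values.yaml (nats chart) ---
# Root-level option from this PR: mount the bundle once and reuse it in
# all NATS Server tls blocks and all nats-box contexts.
tlsCA:
  enabled: true
  configMapName: nats-ca        # ConfigMap produced by the Bundle above
  key: ca.crt                   # must match spec.target.configMap.key
```

Mounting the bundle only supplies trust anchors; requiring client certificates is still a separate `verify` setting in each NATS `tls` block.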

Member

@wallyqs wallyqs left a comment

LGTM

Member

@philpennock philpennock left a comment

Everything substantive looks good

- name: contexts
mountPath: /etc/nats-contexts
# contents secret
Copy link
Member

Should this be within the template if below? Similarly for pid stuff below?

Contributor Author

I've been in the habit of putting comments at the beginning of conditional blocks, because it helps me see balancing of the {{- if and {{- end braces between the comments

@caleblloyd caleblloyd merged commit 2fe57f7 into helm-nats-1.x Jul 14, 2023
@caleblloyd caleblloyd deleted the helm-nats-1.x-tls-ca branch July 14, 2023 19:09
caleblloyd added a commit that referenced this pull request Aug 1, 2023
caleblloyd added a commit that referenced this pull request Aug 1, 2023
* NATS 1.x Helm Chart (#704)

* nats-next helm chart

Signed-off-by: Caleb Lloyd <[email protected]>

* volume claim templates

Signed-off-by: Caleb Lloyd <[email protected]>

* persistence

Signed-off-by: Caleb Lloyd <[email protected]>

* load merge patch pattern

Signed-off-by: Caleb Lloyd <[email protected]>

* support nats config vars, units, and include

Signed-off-by: Caleb Lloyd <[email protected]>

* re-work jetstream values

Signed-off-by: Caleb Lloyd <[email protected]>

* reset merged values

Signed-off-by: Caleb Lloyd <[email protected]>

* separate jetstream config and pvc

* disable cluster advertisements by default

* tls

Signed-off-by: Caleb Lloyd <[email protected]>

* reloader

Signed-off-by: Caleb Lloyd <[email protected]>

* reorg config

Signed-off-by: Caleb Lloyd <[email protected]>

* nats box

Signed-off-by: Caleb Lloyd <[email protected]>

* nats protocol is always enabled

Signed-off-by: Caleb Lloyd <[email protected]>

* nest nats resources

Signed-off-by: Caleb Lloyd <[email protected]>

* un-nest nats

Signed-off-by: Caleb Lloyd <[email protected]>

* standardize pvc size

Signed-off-by: Caleb Lloyd <[email protected]>

* pvc names

Signed-off-by: Caleb Lloyd <[email protected]>

* allow overriding resource names

Signed-off-by: Caleb Lloyd <[email protected]>

* add websocket ingress

Signed-off-by: Caleb Lloyd <[email protected]>

* extra resources

Signed-off-by: Caleb Lloyd <[email protected]>

* update tplYaml

Signed-off-by: Caleb Lloyd <[email protected]>

* update extraResources example

Signed-off-by: Caleb Lloyd <[email protected]>

* test beginnings

Signed-off-by: Caleb Lloyd <[email protected]>

* more tests

Signed-off-by: Caleb Lloyd <[email protected]>

* default values test

Signed-off-by: Caleb Lloyd <[email protected]>

* ports test

Signed-off-by: Caleb Lloyd <[email protected]>

* port and config tests

Signed-off-by: Caleb Lloyd <[email protected]>

* tls test

Signed-off-by: Caleb Lloyd <[email protected]>

* resource merge/patch tests

Signed-off-by: Caleb Lloyd <[email protected]>

* global image section

Signed-off-by: Caleb Lloyd <[email protected]>

* nats box tests

Signed-off-by: Caleb Lloyd <[email protected]>

* includes test

Signed-off-by: Caleb Lloyd <[email protected]>

* extra resources test

Signed-off-by: Caleb Lloyd <[email protected]>

* rename nats-next to nats

Signed-off-by: Caleb Lloyd <[email protected]>

* fix nats-box test

Signed-off-by: Caleb Lloyd <[email protected]>

* fix linting

Signed-off-by: Caleb Lloyd <[email protected]>

* fix nindent check

Signed-off-by: Caleb Lloyd <[email protected]>

* bump test k8s versions

Signed-off-by: Caleb Lloyd <[email protected]>

* disable cluster and js by default

Signed-off-by: Caleb Lloyd <[email protected]>

* fix lint

Signed-off-by: Caleb Lloyd <[email protected]>

* CI updates

Signed-off-by: Caleb Lloyd <[email protected]>

* move ingress under config.websocket

Signed-off-by: Caleb Lloyd <[email protected]>

* remove cluster replica check

gateways could be configured which would enable single replica cluster to work

Signed-off-by: Caleb Lloyd <[email protected]>

* upgrade to nats 2.9.16

Signed-off-by: Caleb Lloyd <[email protected]>

* POD_NAME env var

* documentation

Signed-off-by: Caleb Lloyd <[email protected]>

* add optional service accounts

Signed-off-by: Caleb Lloyd <[email protected]>

* default enableServiceLinks: false

service discovery uses DNS; don't need service env vars

Signed-off-by: Caleb Lloyd <[email protected]>

* fix lint

Signed-off-by: Caleb Lloyd <[email protected]>

* add global labels

Signed-off-by: Caleb Lloyd <[email protected]>

* nats-box non-polling sleep

Signed-off-by: Caleb Lloyd <[email protected]>

* add helpers for secretNames

Signed-off-by: Caleb Lloyd <[email protected]>

* make include example clearer

Signed-off-by: Caleb Lloyd <[email protected]>

* natsBox: only create contents secret if used

Signed-off-by: Caleb Lloyd <[email protected]>

* tls key does not support contents

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>

* [nats helm 1.x] add Beta notice to README.md (#714)

* [nats helm 1.x] add Beta notice to README.md

Signed-off-by: Caleb Lloyd <[email protected]>

* bump to 1.0.0-beta.1 so this hits ArtifactHub

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>

* [nats helm 1.x] remove break statement (#715)

* [nats helm 1.x] remove break statement

Signed-off-by: Caleb Lloyd <[email protected]>

* jsonpatch fix

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>

* [nats helm 1.x] fix JS mount (#717)

* [nats helm 1.x] fix JS mount

Signed-off-by: Caleb Lloyd <[email protected]>

* default max_file_store to pvc size

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>

* remove 1.0.0-beta.3 fix (#719)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] leafnode -> leafnodes (#720)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] upgrade nats to 2.9.17 (#728)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] config.serverNamePrefix option (#732)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] config.cluster.routeURLs options (#746)

* [helm nats 1.x] config.cluster.routeURLs options

Signed-off-by: Caleb Lloyd <[email protected]>

* update comments

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] add pod disruption budget (#747)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] 0.x -> 1.x upgrade guide (#743)

* [helm nats 1.x] 0.x -> 1.x upgrade guide

Signed-off-by: Caleb Lloyd <[email protected]>

* add TLS considerations

Signed-off-by: Caleb Lloyd <[email protected]>

* update instructions

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] upgrade NATS to 2.9.19 (#749)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] add namespaceOverride (#755)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] publish 1.0.0-rc.0 (#756)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] remove tls.ca options (#758)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] add appProtocol to services (#762)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] add tlsCA option (#763)

Signed-off-by: Caleb Lloyd <[email protected]>

* [helm nats 1.x] upgrade nats to 2.9.20 (#765)

Signed-off-by: Caleb Lloyd <[email protected]>

* release 1.0.0

Signed-off-by: Caleb Lloyd <[email protected]>

---------

Signed-off-by: Caleb Lloyd <[email protected]>