[step-certificate] Custom `ca.dns` values result in incomplete cert about helm-charts HOT 3 CLOSED

The current template is designed to allow you to set all the names that you want to configure using

helm install \
  --set ca.dns="ca.example.com,internalca-step-certificates.default.svc.cluster.local,127.0.0.1" \
  step-certificates step-certificates

Or use just the default internalca-step-certificates.default.svc.cluster.local,127.0.0.1 if you do not define a value for ca.dns. Your change might fail by default as it might add an empty DNS entry.

from helm-charts.

Yep, totally tracking the use of ca.dns, and I see what you mean about possibly creating an empty DNS entry. After thinking about it some more, it would also force the user to have the static values in their SAN whether or not they want it. Could we instead update the readme.md or even better, the default values.yaml saying something to the effect of:

If you provide a custom value for ca.dns, be sure to append {{fullname}}.{{namespace}}.svc.cluster.local,127.0.0.1" to the end, otherwise accessing the CA by those DNS/IPs will fail (services internal to the cluster, including using the step ca name in the container).

Example:
ca.dns="ca.example.com,internalca-step-certificates.default.svc.cluster.local,127.0.0.1"

The problem is that it is not readily apparent that it needs to happen now to the uninitiated user, and takes an hour or two of spinning down/spinning up via helm to figure that out.

from helm-charts.

I'll add that to the README.

from helm-charts.