Comments (3)
The current template is designed to allow you to set all the names that you want to configure using
helm install \
--set ca.dns="ca.example.com,internalca-step-certificates.default.svc.cluster.local,127.0.0.1" \
step-certificates step-certificates
Or use just the default internalca-step-certificates.default.svc.cluster.local,127.0.0.1
if you do not define a value for ca.dns
. Your change might fail by default as it might add an empty DNS entry.
from helm-charts.
Yep, totally tracking the use of ca.dns
, and I see what you mean about possibly creating an empty DNS entry. After thinking about it some more, it would also force the user to have the static values in their SAN whether or not they want it. Could we instead update the readme.md
or even better, the default values.yaml
saying something to the effect of:
If you provide a custom value for
ca.dns
, be sure to append{{fullname}}.{{namespace}}.svc.cluster.local,127.0.0.1"
to the end, otherwise accessing the CA by those DNS/IPs will fail (services internal to the cluster, including using thestep ca
name in the container).Example:
ca.dns="ca.example.com,internalca-step-certificates.default.svc.cluster.local,127.0.0.1"
The problem is that it is not readily apparent that it needs to happen now to the uninitiated user, and takes an hour or two of spinning down/spinning up via helm to figure that out.
from helm-charts.
I'll add that to the README.
from helm-charts.
Related Issues (20)
- Incorrect Prometheus scrape port in Service annotations [step-issuer]
- step-certificates: clarify optional `certificate_issuer_key` / `ssh_host_ca_key` and `ssh_user_ca_key` HOT 1
- step-certificates: allow enabling ssh HOT 3
- Add abililty to specify image pull secret(s) HOT 1
- [security] default registry image not available - step.sm - strange domain? HOT 3
- database dataSource as a secret HOT 2
- Typo on test-connection.yaml
- insecureAddress for SCEP provider HOT 2
- step-certificates repo is out of date HOT 1
- helm test fails for smallstep/step-certificates HOT 2
- Error getting root certificate with LinkedCA deployment on latest version HOT 3
- step-issuer fails because of helm annotation validation error HOT 1
- Simpler Way To Set Configmaps When Not Using The Bootstrap HOT 1
- step-issuer refuses to deploy if stepIssuer.create is set to true HOT 9
- Extra Containers HOT 9
- fix(step-certificates): Secrets are mounted event if we don't need them
- ServiceMonitor for Prometheus-Operator HOT 1
- step-certificates 0.26.1 has been released, Helm chart out-of-date HOT 1
- Allow usage of predefiend SSH templates HOT 2
- Test Connection Job should have SecurityContext for Restricted environments
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-charts.