Story
Resolution: Won't Do
The customer is using Helm to manage their AMQ Streams deployment.
We're wondering if it is possible to add the ability to use multiple certificates in a single .crt file in the tlsTrustedCertificates field.
For example, we can currently reference X .crt files using this configuration:
    listeners:
      - name: oauth1
        authentication:
          ...
          tlsTrustedCertificates:
            - secretName: oauth-server-cert
              certificate: sso_01.crt
            - secretName: oauth-server-cert
              certificate: sso_02.crt
Each secret contains one certificate. Changing/deleting/adding secrets requires changing Helm charts.
Maybe it would be possible to use one secret that contains something like this:
    name: config-trusted-cabundle
    data:
      ca-bundle.crt: |
        -----BEGIN CERTIFICATE-----
        MIIF7DCCA9SgAwIBAgIQdKxuoT6xsxDGQ0xUZWfVZDANBgkqhkiG9w0BAQsFADBH
        Eylep2S/vZ9lbbZVnuAaY+uc+EeuvM5Fej2GfZBFR7oE4oNuMFUJNC4i4cb+1l4u
        f2vwj+UnV5bmZLIqu1NXrD9iE6pw6q7xteRUWJrk3gOK9j4CA1zBr5mZhgNlQXzd
        htsxgNoC75Ut29PUIDopDWUBtaUvQmKSJG47MpmpK+Y=
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        4gGZ2NMJ3dkAZ6P4VRomO9waPtxD3QcNjKdCjmhXH+EWAEZmdF7BjWO3iba0pyXk
        MdayWJZvQ2sPIGgQEcD+Q/3y6B3HnSeISuRY9jHn
        -----END CERTIFICATE-----
        [...more cert...]
The Kafka Helm chart would then not need a new release, because adding or removing a cert would only change the secret value. Kafka would do a rolling restart and update the CA list.
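With a bundle, an edit to one secret key changes the set of trusted CAs without any chart change, so the edit itself is what needs review. The following is an added example, not part of the original ticket and not AMQ Streams or Strimzi code: it splits a PEM bundle into blocks, rejects truncated or malformed ones, and diffs two bundle versions by SHA-256 fingerprint. The function names are assumptions, and the sample blocks are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; the base64 body is captured.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL)

def split_bundle(bundle: str) -> list[bytes]:
    """Return the DER bytes of every certificate block in a PEM bundle."""
    if bundle.count("-----BEGIN CERTIFICATE-----") != bundle.count("-----END CERTIFICATE-----"):
        raise ValueError("unbalanced BEGIN/END markers (truncated bundle?)")
    ders = []
    for n, match in enumerate(PEM_BLOCK.finditer(bundle), start=1):
        body = "".join(match.group(1).split())
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError(f"block {n}: invalid base64") from exc
        if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE
            raise ValueError(f"block {n}: not a DER SEQUENCE")
        ders.append(der)
    if not ders:
        raise ValueError("no certificate blocks found")
    return ders

def fingerprints(bundle: str) -> set[str]:
    """SHA-256 fingerprint of each block's DER encoding."""
    return {hashlib.sha256(der).hexdigest() for der in split_bundle(bundle)}

def trust_diff(old: str, new: str) -> tuple[set[str], set[str]]:
    """Fingerprints added and removed between two versions of the bundle."""
    before, after = fingerprints(old), fingerprints(new)
    return after - before, before - after

def pem_wrap(der: bytes) -> str:
    """Constructed helper: wrap bytes as a PEM block (not a real certificate)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"

# Constructed placeholder DER blobs standing in for three CA certificates.
CA_A = pem_wrap(b"\x30\x03\x02\x01\x01")
CA_B = pem_wrap(b"\x30\x03\x02\x01\x02")
CA_C = pem_wrap(b"\x30\x03\x02\x01\x03")

if __name__ == "__main__":
    added, removed = trust_diff(CA_A + CA_B, CA_A + CA_C)
    print("added:", sorted(added))
    print("removed:", sorted(removed))
```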