koperator icon indicating copy to clipboard operation
koperator copied to clipboard

Published 20 hours ago verified publisher icon banzaicloud

SSL certificate is not updated when a cluster resize

Open MilkyWay-core opened this issue 2 years ago • 1 comments

Certificate not get alt-names (Dns names) for new brokers when enabled SSL authorization and cluster was by resized

steps to reproduce the issue:

  1. Enable SSL authorization
  2. Enable envoy
  3. Resize cluster
  4. Verify certificate [cluster]-all-brokers

I expect that certificate [cluster]-all-brokers get new alt-name after resize cluster

MilkyWay-core avatar Oct 20 '22 06:10 MilkyWay-core

Hello @MilkyWay-core ! Thank you for reporting this. It is not a critical but a valid issue. It is not an easy fix. We will look into it. If this is problematic for you now I suggest to use the ServerSSLSecret reference: https://github.com/banzaicloud/koperator/blob/8bbde8e9541b7a3b3d7070ac5ad8991ea0ef52bc/api/v1beta1/kafkacluster_types.go#L560 There you can create your own certificates for your listeners.

bartam1 avatar Nov 02 '22 12:11 bartam1