
[Hono] Fix service names in example certificates

Open b-abel opened this issue 4 years ago • 4 comments

The configuration for creating example certificates defines Subject Alternative Names for the service names, e.g. "hono-service-auth.hono". The service names are prefixed during deployment with the release name. The release name in the documentation for deploying only Hono is "eclipse-hono", in the documentation of the cloud2edge package it is "c2e", but only "hono" would match. All client configuration I found disables hostname verification, so there is no real consequence during runtime. But FMPOV the configuration is misleading and does not serve as a good example.

The easiest solution would probably be to remove the release name prefix from the service names. The impact should be small because in practice probably no one will deploy Hono multiple times into the same Kubernetes namespace.

Another solution could be to define a "standard release name" and create the certificates for this name. This could be accompanied by informing the user via the NOTES.txt about the release name to be used, or even by a check that requires the release name.

b-abel avatar Jun 02 '21 15:06 b-abel
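The mismatch described in the post above, worked through as an added example (not part of the issue and not code from the Hono project). It assumes services are named `<release>-service-auth`, the namespace is `hono`, the cluster domain is the default `cluster.local`, and the client applies simplified RFC 6125 DNS-ID matching; only the SAN string and the three release names come from the post.

```python
# Added example with constructed inputs; only the SAN and release names are from the issue.
CERT_SANS = ["hono-service-auth.hono"]  # SAN quoted in the issue


def san_matches(san: str, host: str) -> bool:
    """Simplified RFC 6125 DNS-ID match: case-insensitive, label by label;
    a wildcard is honoured only as the complete left-most label."""
    s = san.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(s) != len(h):
        return False
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def service_hosts(release: str, component: str, namespace: str) -> list:
    """Names an in-cluster client may dial for a Service
    (assumed naming scheme: <release>-<component>)."""
    svc = f"{release}-{component}"
    return [
        svc,
        f"{svc}.{namespace}",
        f"{svc}.{namespace}.svc",
        f"{svc}.{namespace}.svc.cluster.local",
    ]


def verifiable_hosts(release, component="service-auth", namespace="hono",
                     sans=CERT_SANS):
    """Host names that would pass hostname verification against the SANs."""
    return [h for h in service_hosts(release, component, namespace)
            if any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    for release in ("hono", "eclipse-hono", "c2e"):
        ok = verifiable_hosts(release)
        print(f"{release:13} -> {ok if ok else 'no host name matches any SAN'}")
```

Even with release name "hono", only the `<service>.<namespace>` form is covered by the SAN; the bare service name and the `.svc` forms would also fail once verification is enabled.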

FMPOV it would be great if hostname verification could be enabled at least for the internal connections (i.e. between the components running in a Kubernetes cluster in the same namespace).

b-abel avatar Jun 02 '21 15:06 b-abel

I agree that this is not optimal and I also agree that we could assume (or better require) that there is only one Hono installation per Kubernetes namespace. That would allow us to remove the release name from the service names (and all other artifacts that we deploy to the namespace).

sophokles73 avatar Jul 20 '21 08:07 sophokles73

> we could assume (or better require) that there is only one Hono installation per Kubernetes namespace

Removing the release name from the names of services, deployments, etc. would lead to an error if you try to deploy Hono a second time to a namespace. FMPOV this would be sufficient. Or are you thinking of additional explicit checking?

b-abel avatar Aug 09 '21 07:08 b-abel

No, Kubernetes throwing that error should be ok FMPOV.

sophokles73 avatar Aug 09 '21 09:08 sophokles73