Skip to content

[release/v2.4.x] charts/redpanda: fix mTLS #1114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chrisseto merged 1 commit into from
Oct 6, 2025
Merged

[release/v2.4.x] charts/redpanda: fix mTLS #1114

chrisseto merged 1 commit into from
Oct 6, 2025

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Sep 25, 2025

Backport

This will backport the following commits from main to release/v2.4.x:

Questions ?

Please refer to the Backport tool documentation

@github-actions github-actions bot mentioned this pull request Sep 25, 2025
Merged
@github-actions
Copy link
Author

github-actions bot commented Oct 1, 2025

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Oct 1, 2025
@chrisseto chrisseto removed the stale label Oct 1, 2025
@chrisseto chrisseto force-pushed the backport/release/v2.4.x/pr-1112 branch from c32eeac to 56bf801 Compare October 2, 2025 20:50
@chrisseto
Copy link
Contributor

chrisseto commented Oct 2, 2025

integration tests are failing and I haven't updated the golden file just yet as I need to review them for correctness but all conflicts have been fixed.

@chrisseto chrisseto force-pushed the backport/release/v2.4.x/pr-1112 branch from 56bf801 to d36b90c Compare October 6, 2025 14:07
@chrisseto
charts/redpanda: fix mTLS
6f032de 
Prior to this commit the chart had a variety of bugs around mTLS. The majority
of them were incorrect path construction and handling of `.clientSecretRef`.
The primary issue, though, is that the chart incorrectly mints a single client
certificate regardless of how many trust chains are in use.

This commit moves all name and path references into helper methods onto the
`TLSCert` itself and generates client certs per unique trust chain with client
auth enabled.

K8S-719

(cherry picked from commit 6c63e57)
@chrisseto chrisseto force-pushed the backport/release/v2.4.x/pr-1112 branch from d36b90c to 6f032de Compare October 6, 2025 16:52
@chrisseto chrisseto merged commit f392607 into release/v2.4.x Oct 6, 2025
11 checks passed
@chrisseto chrisseto deleted the backport/release/v2.4.x/pr-1112 branch October 6, 2025 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chrisseto chrisseto chrisseto approved these changes

@RafalKorepta RafalKorepta Awaiting requested review from RafalKorepta RafalKorepta is a code owner

@andrewstucki andrewstucki Awaiting requested review from andrewstucki andrewstucki is a code owner

@gene-redpanda gene-redpanda Awaiting requested review from gene-redpanda gene-redpanda is a code owner

Assignees

@chrisseto chrisseto

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chrisseto