Adding a new SSL listener with hostnameOverride does not regenerate certificates #1062

Open
2 tasks done
david-simon opened this issue Oct 9, 2023 · 1 comment

Comments

@david-simon
Contributor

Description

When a new SSL listener is added where the "hostnameOverride" field contains a new value, the auto-generated certificates are not updated.
As a workaround, new certificates can be issued and specified in the 'serverSSLCertSecret'.

Expected Behavior

Certificates are re-issued with the new hostname added as a Subject Alternative Name.

Actual Behavior

Certificates are not updated and clients connecting to the new hostname get an SSL exception.

Affected Version

0.25.1

Steps to Reproduce

  1. kubectl create -f config/samples/simplekafkacluster_ssl.yaml
  2. Add external listener to config/samples/simplekafkacluster_ssl.yaml:

     spec:
       listenersConfig:
         externalListeners:
           - type: "ssl"
             name: "external"
             externalStartingPort: 19090
             containerPort: 9094
             accessMethod: LoadBalancer
             hostnameOverride: kafka.local

  3. kubectl apply -f config/samples/simplekafkacluster_ssl.yaml
  4. Observe that the certificates generated at step 1 are not updated with the new hostname 'kafka.local'

Checklist

@david-simon
Contributor Author

#883 is similar, not sure if the root cause is the same
