Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm chart (cert-manager) does not support wildcards #523

Open
ppodevlabs opened this issue Sep 12, 2024 · 3 comments · May be fixed by #524
Open

helm chart (cert-manager) does not support wildcards #523

ppodevlabs opened this issue Sep 12, 2024 · 3 comments · May be fixed by #524
Labels
bug Something isn't working

Comments

@ppodevlabs
Copy link

Bug description

When enabling cert-manager for certificates, if you add a wildcard to the dns extra configuration it fails with

Error: YAML parse error on capsule-proxy/templates/certmanager.yaml: error converting YAML to JSON: yaml: line 8: did not find expected alphabetic or numeric character
helm.go:84: [debug] error converting YAML to JSON: yaml: line 8: did not find expected alphabetic or numeric character
YAML parse error on capsule-proxy/templates/certmanager.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
	helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
	helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
	helm.sh/helm/v3/pkg/action/action.go:168
helm.sh/helm/v3/pkg/action.(*Install).RunWithContext
	helm.sh/helm/v3/pkg/action/install.go:312
main.runInstall
	helm.sh/helm/v3/cmd/helm/install.go:314
main.newTemplateCmd.func2
	helm.sh/helm/v3/cmd/helm/template.go:95
github.com/spf13/cobra.(*Command).execute
	github.com/spf13/[email protected]/command.go:983
github.com/spf13/cobra.(*Command).ExecuteC
	github.com/spf13/[email protected]/command.go:1115
github.com/spf13/cobra.(*Command).Execute
	github.com/spf13/[email protected]/command.go:1039
main.main
	helm.sh/helm/v3/cmd/helm/helm.go:83
runtime.main
	runtime/proc.go:271
runtime.goexit
	runtime/asm_arm64.s:1222

How to reproduce

use values:

certManager:
  generateCertificates: true
  issuer:
    kind: Issuer
  certificate:
    includeInternalServiceNames: true
    dnsNames:
    - "*-proxy.capsule-system.svc"

Expected behavior

It shoudl generate the certificate object with the proper wildcard in there

Additional context

  • Capsule-Proxy version: 0.7.1
  • Helm Chart version: 0.7.1
  • Kubernetes version: 1.28.9
@ppodevlabs ppodevlabs added the bug Something isn't working label Sep 12, 2024
@prometherion
Copy link
Member

I think this is not supported in Cert Manager, since the wildcard support is allowed only for DNS01 challenges.

@ppodevlabs ppodevlabs linked a pull request Sep 12, 2024 that will close this issue
Open
@ppodevlabs
Copy link
Author

I think this is not supported in Cert Manager, since the wildcard support is allowed only for DNS01 challenges.

Hi!
i think quoting won't break any dns name, eitherway i did a test with a certificate and it works as expected

Issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: self-signed
spec:
  selfSigned: {}

Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-serving-cert
spec:
  dnsNames:
  - capsule-proxy
  - capsule-proxy.capsule-system.svc
  - '*-proxy.capsule-system.svc'
  issuerRef:
    kind: ClusterIssuer
    name: self-signed
  secretName: test-cert
  subject:
    organizations:
    - clastix.io
status:
  conditions:
  - lastTransitionTime: "2024-09-13T06:20:01Z"
    message: Certificate is up to date and has not expired
    observedGeneration: 1
    reason: Ready
    status: "True"
    type: Ready
  notAfter: "2024-12-12T06:20:01Z"
  notBefore: "2024-09-13T06:20:01Z"
  renewalTime: "2024-11-12T06:20:01Z"
  revision: 1

@prometherion
Copy link
Member

Thanks for testing it! 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: allow wildcards on certificate generation enreach-labs/capsule-proxy
2 participants
@ppodevlabs @prometherion