projectcapsule / capsule-proxy

Reverse proxy for Capsule Operator.
https://github.com/projectcapsule/capsule
Apache License 2.0

helm chart (cert-manager) does not support wildcards #523

Open ppodevlabs opened 1 week ago

ppodevlabs commented 1 week ago

Bug description

When enabling cert-manager for certificates, if you add a wildcard to the DNS extra configuration, it fails with:

Error: YAML parse error on capsule-proxy/templates/certmanager.yaml: error converting YAML to JSON: yaml: line 8: did not find expected alphabetic or numeric character
helm.go:84: [debug] error converting YAML to JSON: yaml: line 8: did not find expected alphabetic or numeric character
YAML parse error on capsule-proxy/templates/certmanager.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
    helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
    helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
    helm.sh/helm/v3/pkg/action/action.go:168
helm.sh/helm/v3/pkg/action.(*Install).RunWithContext
    helm.sh/helm/v3/pkg/action/install.go:312
main.runInstall
    helm.sh/helm/v3/cmd/helm/install.go:314
main.newTemplateCmd.func2
    helm.sh/helm/v3/cmd/helm/template.go:95
github.com/spf13/cobra.(*Command).execute
    github.com/spf13/cobra@v1.8.0/command.go:983
github.com/spf13/cobra.(*Command).ExecuteC
    github.com/spf13/cobra@v1.8.0/command.go:1115
github.com/spf13/cobra.(*Command).Execute
    github.com/spf13/cobra@v1.8.0/command.go:1039
main.main
    helm.sh/helm/v3/cmd/helm/helm.go:83
runtime.main
    runtime/proc.go:271
runtime.goexit
    runtime/asm_arm64.s:1222

How to reproduce

Use values:

certManager:
  generateCertificates: true
  issuer:
    kind: Issuer
  certificate:
    includeInternalServiceNames: true
    dnsNames:
    - "*-proxy.capsule-system.svc"

Expected behavior

It should generate the certificate object with the proper wildcard in there

Additional context

prometherion commented 1 week ago

I think this is not supported in Cert Manager, since the wildcard support is allowed only for DNS01 challenges.

ppodevlabs commented 1 week ago

> I think this is not supported in Cert Manager, since the wildcard support is allowed only for DNS01 challenges.

Hi! I think quoting won't break any DNS name; either way, I did a test with a certificate and it works as expected

Issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: self-signed
spec:
  selfSigned: {}

Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-serving-cert
spec:
  dnsNames:
  - capsule-proxy
  - capsule-proxy.capsule-system.svc
  - '*-proxy.capsule-system.svc'
  issuerRef:
    kind: ClusterIssuer
    name: self-signed
  secretName: test-cert
  subject:
    organizations:
    - clastix.io
status:
  conditions:
  - lastTransitionTime: "2024-09-13T06:20:01Z"
    message: Certificate is up to date and has not expired
    observedGeneration: 1
    reason: Ready
    status: "True"
    type: Ready
  notAfter: "2024-12-12T06:20:01Z"
  notBefore: "2024-09-13T06:20:01Z"
  renewalTime: "2024-11-12T06:20:01Z"
  revision: 1

prometherion commented 1 week ago

Thanks for testing it! 🚀