Add support for Certificate Revocation Lists (CRL) #1429

Open
JakeSCahill opened this issue Jul 18, 2024 · 2 comments

JakeSCahill commented Jul 18, 2024

What would you like to be added?

In 24.2, Redpanda will support Certificate Revocation Lists (CRLs) for TLS-encrypted connections. To support CRLs in the Helm chart, we require some changes.

Changes Required

Update values.yaml to add new fields under the tls section for each listener to specify the CRL paths. For example:

tls:
  enabled: true
  certs:
    default:
      caEnabled: true
    external:
      caEnabled: true

  # Global CRL field
  crlFile:
    secretKeyRef:
      key:
      name:

listeners:
  admin:
    port: 9644
    tls:
      cert: default
      requireClientAuth: false
      crlFile:
        secretKeyRef:
          key:
          name:
    external:
      default:
        port: 9645
        tls:
          cert: external
          crlFile:
            secretKeyRef:
              key:
              name:
  kafka:
    port: 9093
    authenticationMethod: "sasl"
    tls:
      cert: default
      requireClientAuth: false
      crlFile:
        secretKeyRef:
          key:
          name:
    external:
      default:
        port: 9094
        tls:
          cert: external
          crlFile:
            secretKeyRef:
              key:
              name:

  # Other listeners...

Why is this needed?

To support the new CRL crl_file field in Redpanda >=24.2

JIRA Link: K8S-298

JakeSCahill changed the title from "Add support for Certificate Revocation Lists (CRL) in Helm chart" to "Add support for Certificate Revocation Lists (CRL)" on Jul 18, 2024

chrisseto commented

I would lean toward following the same pattern as truststore_file: https://github.com/redpanda-data/helm-charts/pull/1373/files#diff-9816759f5552bf9796d055b4dd5bb21fe21633582b33349ba828ac5d4092ffe2R422-R426

JakeSCahill commented

Updated the example to reflect the same pattern as truststore_file
