SSL certificate is not updated when a cluster resize
MilkyWay-core opened this issue · 1 comments
MilkyWay-core commented
Certificate not get alt-names (Dns names) for new brokers when enabled SSL authorization and cluster was by resized
steps to reproduce the issue:
- Enable SSL authorization
- Enable envoy
- Resize cluster
- Verify certificate [cluster]-all-brokers
I expect that certificate [cluster]-all-brokers get new alt-name after resize cluster
bartam1 commented
Hello @MilkyWay-core !
Thank you for reporting this.
It is not a critical but a valid issue.
It is not an easy fix. We will look into it.
If this is problematic for you now I suggest to use the ServerSSLSecret reference:
koperator/api/v1beta1/kafkacluster_types.go
Line 560 in 8bbde8e
There you can create your own certificates for your listeners.