diff --git a/helm/hpcc/templates/_helpers.tpl b/helm/hpcc/templates/_helpers.tpl index 40f1ae4b6d0..b2df7ca2da6 100644 --- a/helm/hpcc/templates/_helpers.tpl +++ b/helm/hpcc/templates/_helpers.tpl @@ -1894,6 +1894,7 @@ args: {{- end -}} {{- end -}} {{- $_ := set $local "dnsNames" (uniq $local.dnsNames ) -}} + {{- $_ := set $local "allDomains" (prepend (default list $issuer.alternativeDomains) $domain ) -}} {{- if $externalCert -}} {{- $_ := set $local "commonName" (mustFirst $local.dnsNames ) -}} {{- else -}} @@ -1929,7 +1930,9 @@ spec: {{- end }} dnsNames: {{- range $dnsName := $local.dnsNames }} - - {{ (printf "%s.%s" $dnsName $domain) | quote }} + {{- range $altDomain := $local.allDomains }} + - {{ (printf "%s.%s" $dnsName $altDomain) | quote }} + {{- end }} {{- end }} {{- if $spiffe }} uris: diff --git a/testing/helm/tests/multicertdomains.yaml b/testing/helm/tests/multicertdomains.yaml new file mode 100644 index 00000000000..d406fc54119 --- /dev/null +++ b/testing/helm/tests/multicertdomains.yaml @@ -0,0 +1,102 @@ +global: + privileged: true + egress: + restricted: false +certificates: + issuers: + remote: + name: hpcc-remote-issuer + domain: hpcc1 + alternativeDomains: + - foo.hpcc1 + - bar.hpcc1 + ## set enabled to true if adding remoteClients for any components + enabled: true + ## kind can be changed to ClusterIssue to refer to a ClusterIssuer. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer + kind: Issuer + spiffe: false + ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster + ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types + ## for information on what spec should contain. + spec: + ca: + secretName: hpcc-local-issuer-key-pair # real config would use hpcc-remote, but examples have hpcc-local instructions + + signing: # intended to be used for signing/verification purposes only, e.g. by dafilesrv + name: hpcc-signing-issuer + ## kind can be changed to ClusterIssue to refer to a ClusterIssuer. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer + kind: Issuer + ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster + ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types + ## for information on what spec should contain. + spec: + ca: + secretName: hpcc-signing-issuer-key-pair + +thor: null +eclagent: null +eclscheduler: null +dafilesrv: null +dfuserver: null + +sasha: + disabled: true + wu-archiver: + disabled: true + dfuwu-archiver: + disabled: true + dfurecovery-archiver: + disabled: true + file-expiry: + disabled: true + +esp: +- name: eclwatch + application: eclwatch + auth: none + replicas: 1 + service: + port: 8888 + servicePort: 18010 + visibility: local +- name: eclqueries + application: eclqueries + auth: none + replicas: 1 + service: + visibility: local + servicePort: 18002 +- name: eclservices + application: eclservices + auth: none + replicas: 1 + service: + servicePort: 8010 + visibility: cluster + +roxie: +- name: roxie1 + disabled: false + prefix: roxie1 + services: + - name: roxie1 + servicePort: 19876 + listenQueue: 200 + numThreads: 30 + visibility: local + trustClients: + - commonName: roxie2.hpcc2 + - name: roxie1backup + servicePort: 19877 + listenQueue: 200 + numThreads: 30 + visibility: local + trustClients: + - commonName: roxie2.hpcc2 + replicas: 1 + numChannels: 1 + serverReplicas: 0 + localAgent: false + traceLevel: 1 + topoServer: + replicas: 1