Skip to content

announce community instances in cert subjects #384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
qrkourier merged 13 commits into from
Feb 24, 2026
Merged

announce community instances in cert subjects #384

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
6813bab
announce community instances in cert subjects
qrkourier Feb 13, 2026
58ce7b7
bump chart version
qrkourier Feb 13, 2026
86c8492
use miniziti branch
qrkourier Feb 18, 2026
93a0328
wait longer for zrok test job
qrkourier Feb 19, 2026
5c4c205
resume using main miniziti.bash
qrkourier Feb 19, 2026
b32c473
Merge branch 'main' into server-cert-subjects
qrkourier Feb 19, 2026
a259847
set verbose on miniziti controller/router and optionally override zit…
qrkourier Feb 20, 2026
c63e209
always use latest stable ziti cli version for interacting with the te…
qrkourier Feb 20, 2026
5e3f5ce
correct actions syntax
qrkourier Feb 20, 2026
89100a3
move k8s test procedure to a script so it can be run locally too
qrkourier Feb 23, 2026
631554b
add retry handler for the verify traffic command
qrkourier Feb 23, 2026
167b2d5
pass namespace through to miniziti profile
qrkourier Feb 24, 2026
1e33c81
optionally override miniziti executable
qrkourier Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/miniziti.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ jobs:
uses: supplypike/setup-bin@v5
with:
# uri: https://get.openziti.io/miniziti.bash
uri: https://raw.githubusercontent.com/openziti/ziti/d1cdb171ed59242cd232ac6da4b75da16110bd64/quickstart/kubernetes/miniziti.bash
uri: https://raw.githubusercontent.com/openziti/ziti/retire-ingress-nginx/quickstart/kubernetes/miniziti.bash
# uri: https://raw.githubusercontent.com/openziti/ziti/<testing ref>/quickstart/kubernetes/miniziti.bash
name: miniziti
version: quickstartrelease
Expand Down
2 changes: 1 addition & 1 deletion charts/ziti-controller/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@ appVersion: 1.7.2
description: Host an OpenZiti controller in Kubernetes
name: ziti-controller
type: application
version: 3.1.0
version: 3.1.1
2 changes: 1 addition & 1 deletion charts/ziti-controller/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

# ziti-controller

![Version: 3.1.0](https://img.shields.io/badge/Version-3.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.2](https://img.shields.io/badge/AppVersion-1.7.2-informational?style=flat-square)
![Version: 3.1.1](https://img.shields.io/badge/Version-3.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.2](https://img.shields.io/badge/AppVersion-1.7.2-informational?style=flat-square)

Host an OpenZiti controller in Kubernetes

Expand Down
12 changes: 12 additions & 0 deletions charts/ziti-controller/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,18 @@ that are managed by cert-manager
{{- dict "certManagerCerts" $filteredCerts | toJson -}}
{{- end -}}

{{/*
Resolve the organization used in server certificate subjects.
*/}}
{{- define "ziti-controller.serverCertSubjectOrganization" -}}
{{- $edition := (get .Values "edition") | default dict -}}
{{- if (get $edition "enterprise" | default false) -}}
Enterprise Edition
{{- else -}}
OpenZiti Community
{{- end -}}
{{- end -}}

{{/*
Validate cluster mode.
Returns one of: "standalone", "cluster-init", "cluster-join", "cluster-migrate".
Expand Down
3 changes: 3 additions & 0 deletions charts/ziti-controller/templates/alt-certificate.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ metadata:
name: {{ printf "%s-alt-cert-%d" (include "ziti-controller.fullname" $) $index }}
namespace: {{ $.Release.Namespace }}
spec:
subject:
organizations:
- {{ include "ziti-controller.serverCertSubjectOrganization" $ | quote }}
{{- if $cert.secretName }}
secretName: {{ $cert.secretName | quote }}
{{- else }}
Expand Down
3 changes: 3 additions & 0 deletions charts/ziti-controller/templates/ca-ctrl-identity.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ metadata:
{{- include "ziti-controller.labels" . | nindent 4 }}
spec:
commonName: {{ default (printf "%s-ctrl-plane-identity" (include "ziti-controller.fullname" .)) .Values.cluster.nodeName }}
subject:
organizations:
- {{ include "ziti-controller.serverCertSubjectOrganization" . | quote }}
secretName: {{ include "ziti-controller.fullname" . }}-ctrl-plane-identity-secret
isCA: false
duration: {{ .Values.cert.duration }}
Expand Down
9 changes: 9 additions & 0 deletions charts/ziti-controller/templates/ca-web-identity.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,9 @@ metadata:
{{- include "ziti-controller.labels" . | nindent 4 }}
spec:
commonName: {{ include "ziti-controller.fullname" . }}-web-identity
subject:
organizations:
- {{ include "ziti-controller.serverCertSubjectOrganization" . | quote }}
secretName: {{ include "ziti-controller.fullname" . }}-web-identity-secret
isCA: false
duration: {{ .Values.cert.duration }}
Expand Down Expand Up @@ -115,6 +118,9 @@ metadata:
{{- include "ziti-controller.labels" . | nindent 4 }}
spec:
commonName: {{ include "ziti-controller.fullname" . }}-mgmt
subject:
organizations:
- {{ include "ziti-controller.serverCertSubjectOrganization" . | quote }}
secretName: {{ include "ziti-controller.fullname" . }}-web-mgmt-api-secret
isCA: false
duration: {{ .Values.cert.duration }}
Expand Down Expand Up @@ -162,6 +168,9 @@ metadata:
{{- include "ziti-controller.labels" . | nindent 4 }}
spec:
commonName: {{ include "ziti-controller.fullname" . }}-prometheus
subject:
organizations:
- {{ include "ziti-controller.serverCertSubjectOrganization" . | quote }}
secretName: {{ include "ziti-controller.fullname" . }}-web-prometheus-metrics-secret
isCA: false
duration: {{ .Values.cert.duration }}
Expand Down
Loading