Skip to content

fix(charts/redis-operator): use dynamic serviceDNSDomain in cert-manager#1744

Closed
Marco-Valle wants to merge 1 commit intoOT-CONTAINER-KIT:mainfrom
Marco-Valle:main
Closed

fix(charts/redis-operator): use dynamic serviceDNSDomain in cert-manager#1744
Marco-Valle wants to merge 1 commit intoOT-CONTAINER-KIT:mainfrom
Marco-Valle:main

Conversation

@Marco-Valle
Copy link
Copy Markdown

@Marco-Valle Marco-Valle commented Apr 17, 2026
edited
Loading

Description

This PR addresses an issue in the redis-operator Helm chart where the Certificate resource SANs (Subject Alternative Names) were hardcoded to use the .cluster.local domain suffix.

When a cluster is configured with a custom serviceDNSDomain (e.g., custom.domain), the generated certificate fails to match the actual service identity, as the SANs do not reflect the environment's DNS configuration.

Fixes #1743

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • Tests have been added/modified and all tests pass.
  • Functionality/bugs have been confirmed to be unchanged or fixed.
  • I have performed a self-review of my own code.
  • Documentation has been updated or added where necessary.

Additional Context
To verify the fix, the chart was deployed with a custom domain configuration:

redisOperator:
  serviceDNSDomain: "custom.domain"

@Marco-Valle Marco-Valle force-pushed the main branch 2 times, most recently from e0f0346 to 7891884 Compare April 17, 2026 01:37
@Marco-Valle
fix(charts/redis-operator): use dynamic serviceDNSDomain in cert-manager
cad63d7 
The Certificate template in charts/redis-operator was hardcoded to use
'.cluster.local' for DNS names. This caused TLS handshake failures in
clusters configured with a custom serviceDNSDomain.

This change replaces the hardcoded suffix with the
.Values.redisOperator.serviceDNSDomain variable to ensure SANs match
the actual cluster environment.

Signed-off-by: Marco Valle <marco.valle@tosec.it>
@Marco-Valle
Copy link
Copy Markdown
Author

Marco-Valle commented Apr 22, 2026

I see PR #1752 covers both the certificate and the webhook configuration, including a default value.
That looks like a more complete fix, so I'm happy to close mine in favor of that one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shubham-cmyk shubham-cmyk Awaiting requested review from shubham-cmyk shubham-cmyk is a code owner

@drivebyer drivebyer Awaiting requested review from drivebyer drivebyer is a code owner

@iamabhishek-dubey iamabhishek-dubey Awaiting requested review from iamabhishek-dubey iamabhishek-dubey is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[redis-operator chart] Hardcoded .cluster.local in cert-manager template SANs

1 participant

@Marco-Valle