feat: Support DCs in the subject DN of TLS certificates#708

Merged: siegfriedweber merged 13 commits into main from feat/improve-subject-dn on Jun 25, 2026
@siegfriedweber siegfriedweber commented May 19, 2026

Member

Description

Support adding domain components to the subject DN of TLS certificates with the volume annotation secrets.stackable.tech/backend.autotls.cert.domain-components-in-subject-dn

Part of #617

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author

Reviewer

  • Code contains useful comments
  • Code contains useful logging statements
  • (Integration-)Test cases added
  • Documentation added or updated. Follows the style guide.
  • Changelog updated
  • Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

  • Feature Tracker has been updated
  • Proper release label has been added
  • Links to generated (nightly) docs added
  • Release note snippet added
  • Add type/deprecation label & add to the deprecation schedule
  • Add type/experimental label & add to the experimental features tracker

@siegfriedweber siegfriedweber self-assigned this May 19, 2026
@siegfriedweber siegfriedweber force-pushed the feat/improve-subject-dn branch from 67c9451 to e3bf527 Compare May 21, 2026 14:25
…tech/backend.autotls.cert.domain-components-in-subject-dn"
@siegfriedweber siegfriedweber marked this pull request as ready for review May 27, 2026 12:32

@Techassi Techassi left a comment

Member

Just two nitpicks, otherwise looks very straightforward.

Comment thread rust/operator-binary/src/backend/auto_tls/mod.rs
Comment thread tests/templates/kuttl/tls/10_consumer.yaml.j2 Outdated
@siegfriedweber siegfriedweber requested a review from Techassi June 25, 2026 08:49
@siegfriedweber siegfriedweber added this pull request to the merge queue Jun 25, 2026
Merged via the queue into main with commit bb4dece Jun 25, 2026
12 checks passed
@siegfriedweber siegfriedweber deleted the feat/improve-subject-dn branch June 25, 2026 11:21
@siegfriedweber siegfriedweber moved this to Development: Done in Stackable Engineering Jun 25, 2026
@siegfriedweber siegfriedweber added release-note Denotes a PR that will be considered when it comes time to generate release notes. scheduled-for/26.7.0 labels Jun 25, 2026
@siegfriedweber

siegfriedweber commented Jun 25, 2026

Member Author

Release notes

Stackable secret-operator

The Stackable secret-operator now supports adding domain components to the subject DN of TLS certificates with the volume annotation secrets.stackable.tech/backend.autotls.cert.domain-components-in-subject-dn (see https://docs.stackable.tech/home/stable/secret-operator/volume/#_secrets_stackable_techbackend_autotls_cert_domain_components_in_subject_dn), e.g.:

volumes:
  - name: tls
    ephemeral:
      volumeClaimTemplate:
        metadata:
          annotations:
            secrets.stackable.tech/backend.autotls.cert.domain-components-in-subject-dn: "true"
            secrets.stackable.tech/class: tls
            secrets.stackable.tech/scope: node,pod
        spec:
          storageClassName: secrets.stackable.tech
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: "1"

A pod of a StatefulSet could then serve a TLS certificate with the following subject DN:

CN=generated certificate for pod, DC=my-pod-0, DC=my-statefulset-service, DC=my-namespace, DC=svc, DC=cluster, DC=local
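
As an added example (not code from this PR or from secret-operator), a consumer-side check that the DC values in a subject DN string spell the pod DNS name a verifier expects, with exactly one valid DNS label per DC. The function names and the expected FQDN are assumptions; the sample DN is the one quoted in the release note above.

```python
import re

# Constructed sample: the subject DN string quoted in the release note above.
SAMPLE_SUBJECT = (
    "CN=generated certificate for pod, DC=my-pod-0, DC=my-statefulset-service, "
    "DC=my-namespace, DC=svc, DC=cluster, DC=local"
)
# One DNS label per DC: letters, digits, hyphens, 1-63 chars, no dots.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def split_rdns(dn):
    """Split a DN string on unescaped commas (backslash escapes are kept)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return [p for p in parts if p]


def domain_components(dn):
    """Return the DC values in the order they appear in the DN string."""
    out = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip().upper() == "DC":
            out.append(value.strip().lower())
    return out


def dn_matches_fqdn(dn, expected_fqdn, reverse=False):
    """True if the DC values spell expected_fqdn, one valid DNS label per DC.

    Assumption: DCs are listed most-specific label first, as in SAMPLE_SUBJECT.
    Pass reverse=True for tools that print the RDNs in the opposite order.
    """
    labels = domain_components(dn)
    if reverse:
        labels.reverse()
    if not labels or not all(LABEL_RE.match(l) for l in labels):
        return False
    return labels == expected_fqdn.rstrip(".").lower().split(".")
```

A text inside the CN that merely looks like a DC (behind an escaped comma) is not counted, and a DC value containing a dot is rejected rather than silently split into labels.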

@lfrancke

Member

Can you maybe add a concrete example for how this is used?

@lfrancke lfrancke moved this from Development: Done to Acceptance: In Progress in Stackable Engineering Jun 29, 2026
@siegfriedweber

Member Author

> Can you maybe add a concrete example for how this is used?

Concrete example added in #708 (comment)

Labels

release/26.7.0 release-note Denotes a PR that will be considered when it comes time to generate release notes.

Projects

Status: Acceptance: In Progress

3 participants