Fix worker and admin ca (#7807)

* Fix Worker and Admin CA in helm chart

* Fix Worker and Admin CA in helm chart - add security.toml modification

* Fix Worker and Admin CA in helm chart - fix security.toml modification error

* Fix Worker and Admin CA in helm chart - fix errors in volume mounts

* Fix Worker and Admin CA in helm chart - address review comments

- Remove worker-cert from admin pod (principle of least privilege)
- Remove admin-cert from worker pod (principle of least privilege)
- Remove overly broad namespace wildcards from admin-cert dnsNames
- Remove overly broad namespace wildcards from worker-cert dnsNames

---------

Co-authored-by: chrislu <chris.lu@gmail.com>
MorezMartin
2025-12-17 21:51:45 +01:00
committed by GitHub
parent df0ea18084
commit 22271358c6
5 changed files with 106 additions and 0 deletions


@@ -203,6 +203,9 @@ spec:
- name: client-cert
readOnly: true
mountPath: /usr/local/share/ca-certificates/client/
- name: admin-cert
readOnly: true
mountPath: /usr/local/share/ca-certificates/admin/
{{- end }}
{{ tpl .Values.admin.extraVolumeMounts . | nindent 12 | trim }}
ports:
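Review bot: The new admin-cert mount at /usr/local/share/ca-certificates/admin/ exposes every key of the secret to the container, so if that secret carries a private key next to the certificate and CA, the key ends up in a directory named for CA certificates. Consider limiting the mount to the files the admin process actually reads, and add a comment that this mountPath has to stay in sync with the admin certificate paths written into security.toml, which are not visible in this hunk. The readOnly: true setting is good and should stay.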
@@ -298,6 +301,9 @@ spec:
- name: client-cert
secret:
secretName: {{ template "seaweedfs.name" . }}-client-cert
- name: admin-cert
secret:
secretName: {{ template "seaweedfs.name" . }}-admin-cert
{{- end }}
{{ tpl .Values.admin.extraVolumes . | indent 8 | trim }}
{{- if .Values.admin.nodeSelector }}
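Review bot: The admin-cert volume sets only secretName, so its files are projected with the Kubernetes default mode of 0644 and are readable by any user in the container. Consider adding a restrictive defaultMode (for example 0400, adjusted to the user the pod runs as) or an items list that projects only the needed keys. The name {{ template "seaweedfs.name" . }}-admin-cert also has to match the secretName of the admin certificate template, which is outside this hunk, otherwise the pod will fail to start on a missing secret.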