fix(cnpgi): support custom plugin certificate DNS names by armru · Pull Request #9222 · cloudnative-pg/cloudnative-pg

@dosubot dosubot bot added the `size:L` label (this PR changes 100-499 lines, ignoring generated files)

Nov 18, 2025

@armru armru changed the title from "feat: add support for custom plugin certificate DNS names" to "feat(cnpgi): add support for custom plugin certificate DNS names"

Nov 18, 2025

mateusoliveira43

@dosubot dosubot bot added the `lgtm` label (this PR has been approved by a maintainer)

Nov 20, 2025

@mnencia mnencia changed the title from "feat(cnpgi): add support for custom plugin certificate DNS names" to "fix(cnpgi): add support for custom plugin certificate DNS names"

Nov 21, 2025

@gbartolini gbartolini changed the title from "fix(cnpgi): add support for custom plugin certificate DNS names" to "fix(cnpgi): support custom plugin certificate DNS names"

Nov 21, 2025

jbattiato

gbartolini

@armru @gbartolini

Add a new annotation `cnpg.io/pluginServerName` that allows customizing
the DNS name used for TLS certificate verification when connecting to
CNPG-I plugins.

Previously, the operator always used the Service name as the ServerName
in the TLS configuration. This caused issues in environments where the
plugin's certificate was issued with a different DNS name (e.g.,
`barman-cloud.svc` instead of `barman-cloud`).

With this change, users can specify the expected DNS name via the new
annotation, enabling the operator to verify the plugin's certificate
against the custom name while still connecting to the Service.

Fixes #9218

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
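
The behaviour described in the commit message above, as an added Go example (not code from this PR or from the CloudNativePG code base): the name used for certificate verification comes from the `cnpg.io/pluginServerName` annotation when it is set and from the Service name otherwise. `pluginTLSConfig` and `verifyPlugin` are hypothetical helpers, and the certificate is a constructed self-signed one generated in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// pluginTLSConfig (hypothetical helper) verifies against the annotation value, else the Service name.
func pluginTLSConfig(service string, annotations map[string]string, roots *x509.CertPool) *tls.Config {
	cfg := &tls.Config{RootCAs: roots, ServerName: service}
	if v := annotations["cnpg.io/pluginServerName"]; v != "" {
		cfg.ServerName = v
	}
	return cfg
}

// verifyPlugin checks a constructed self-signed cert (valid only for certName) as a TLS client would.
func verifyPlugin(certName, service string, annotations map[string]string) error {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{certName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	cfg := pluginTLSConfig(service, annotations, roots)
	_, err = cert.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

func main() {
	ann := map[string]string{"cnpg.io/pluginServerName": "barman-cloud.svc"}
	fmt.Println("Service name only:", verifyPlugin("barman-cloud.svc", "barman-cloud", nil))
	fmt.Println("with annotation:  ", verifyPlugin("barman-cloud.svc", "barman-cloud", ann))
}
```

The first call fails with an x509 hostname mismatch; the second succeeds although the Service name used for the connection is unchanged.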

cnpg-bot pushed a commit that referenced this pull request

Nov 21, 2025
Add a new annotation `cnpg.io/pluginServerName` that allows customizing
the DNS name used for TLS certificate verification when connecting to
CNPG-I plugins.

Previously, the operator always used the Service name as the ServerName
in the TLS configuration. This caused issues in environments where the
plugin's certificate was issued with a different DNS name (e.g. `barman-cloud.svc`
instead of `barman-cloud`).

With this change, users can specify the expected DNS name via the new
annotation, enabling the operator to verify the plugin's certificate
against the custom name while still connecting to the Service.

Closes #9218

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
(cherry picked from commit d475849)

cnpg-bot pushed a commit that referenced this pull request

Nov 21, 2025
(cherry picked from commit d475849)

mnencia pushed a commit that referenced this pull request

Nov 26, 2025
(cherry picked from commit d475849)