thelabdude commented on a change in pull request #309: URL: https://github.com/apache/solr-operator/pull/309#discussion_r690703569
########## File path: controllers/solrcloud_controller.go ########## @@ -364,51 +364,57 @@ func (r *SolrCloudReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { blockReconciliationOfStatefulSet = true } - tlsCertMd5 := "" - needsPkcs12InitContainer := false // flag if the StatefulSet needs an additional initCont to create PKCS12 keystore // don't start reconciling TLS until we have ZK connectivity, avoids TLS code having to check for ZK - if !blockReconciliationOfStatefulSet && instance.Spec.SolrTLS != nil && instance.Spec.SolrTLS.PKCS12Secret != nil { - foundTLSSecret, err := r.verifyTLSSecretConfig(instance.Spec.SolrTLS.PKCS12Secret.Name, instance.Namespace, instance.Spec.SolrTLS.KeyStorePasswordSecret) - if err != nil { - return requeueOrNot, err - } else { - // We have a watch on secrets, so will get notified when the secret changes (such as after cert renewal) - // capture the hash of the secret and stash in an annotation so that pods get restarted if the cert changes - if instance.Spec.SolrTLS.RestartOnTLSSecretUpdate { - if tlsCertBytes, ok := foundTLSSecret.Data[util.TLSCertKey]; ok { - tlsCertMd5 = fmt.Sprintf("%x", md5.Sum(tlsCertBytes)) - } else { - return requeueOrNot, fmt.Errorf("%s key not found in TLS secret %s, cannot watch for updates to"+ - " the cert without this data but 'solrTLS.restartOnTLSSecretUpdate' is enabled!", - util.TLSCertKey, foundTLSSecret.Name) + var tls *util.TLSConfig + if !blockReconciliationOfStatefulSet && instance.Spec.SolrTLS != nil { + tls = &util.TLSConfig{} Review comment: The `TLSConfig` struct allows us to hold the `TLSOptions` that from from the user config as well as additional config info determined during reconciliation, such as the MD5 hash of the cert. Not married to the name of this struct ... could be `TLSOptionsAndReconciledVars` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org