HoustonPutman commented on a change in pull request #309:
URL: https://github.com/apache/solr-operator/pull/309#discussion_r690739265



##########
File path: controllers/util/solr_util.go
##########
@@ -601,6 +552,11 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, 
solrCloudStatus *solr.SolrCl
                }
        }
 
+       // Enrich the StatefulSet config to enable TLS on Solr pods if needed
+       if tls != nil {
+               tls.enableTLSOnSolrCloudStatefulSet(stateful)
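
Review bot: the added call `tls.enableTLSOnSolrCloudStatefulSet(stateful)` mutates `stateful` in place and nothing is returned or checked, so a TLS configuration that cannot be applied has no way to surface as an error from `GenerateStatefulSet` at this point. Consider having the helper return an error, or documenting that it cannot fail. The comment's "if needed" could also say what the condition actually is, a non-nil `tls`.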

Review comment:
       Yeah this is great. Hopefully we can abstract out other parts of this 
awful method and make it nice and clean.

##########
File path: controllers/solrcloud_controller.go
##########
@@ -364,51 +364,57 @@ func (r *SolrCloudReconciler) Reconcile(req ctrl.Request) 
(ctrl.Result, error) {
                blockReconciliationOfStatefulSet = true
        }
 
-       tlsCertMd5 := ""
-       needsPkcs12InitContainer := false // flag if the StatefulSet needs an 
additional initCont to create PKCS12 keystore
        // don't start reconciling TLS until we have ZK connectivity, avoids 
TLS code having to check for ZK
-       if !blockReconciliationOfStatefulSet && instance.Spec.SolrTLS != nil && 
instance.Spec.SolrTLS.PKCS12Secret != nil {
-               foundTLSSecret, err := 
r.verifyTLSSecretConfig(instance.Spec.SolrTLS.PKCS12Secret.Name, 
instance.Namespace, instance.Spec.SolrTLS.KeyStorePasswordSecret)
-               if err != nil {
-                       return requeueOrNot, err
-               } else {
-                       // We have a watch on secrets, so will get notified 
when the secret changes (such as after cert renewal)
-                       // capture the hash of the secret and stash in an 
annotation so that pods get restarted if the cert changes
-                       if instance.Spec.SolrTLS.RestartOnTLSSecretUpdate {
-                               if tlsCertBytes, ok := 
foundTLSSecret.Data[util.TLSCertKey]; ok {
-                                       tlsCertMd5 = fmt.Sprintf("%x", 
md5.Sum(tlsCertBytes))
-                               } else {
-                                       return requeueOrNot, fmt.Errorf("%s key 
not found in TLS secret %s, cannot watch for updates to"+
-                                               " the cert without this data 
but 'solrTLS.restartOnTLSSecretUpdate' is enabled!",
-                                               util.TLSCertKey, 
foundTLSSecret.Name)
+       var tls *util.TLSConfig
+       if !blockReconciliationOfStatefulSet && instance.Spec.SolrTLS != nil {
+               tls = &util.TLSConfig{}
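
Review bot: the new guard `instance.Spec.SolrTLS != nil` is wider than the removed one, which also required `instance.Spec.SolrTLS.PKCS12Secret != nil`, so whatever populates `util.TLSConfig` after this line has to handle a nil `PKCS12Secret`. The removed block also called `r.verifyTLSSecretConfig` and returned an error when `util.TLSCertKey` was missing while `RestartOnTLSSecretUpdate` was set. The visible added lines do not show either check, so please confirm both are preserved wherever the logic moved. If the cert hash annotation moves as well, replacing `md5.Sum` with a SHA-256 digest would keep the change-detection behaviour and avoid MD5 being flagged in crypto audits.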

Review comment:
       `TLSConfig` is fine with me




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


