thelabdude commented on a change in pull request #312:
URL: https://github.com/apache/solr-operator/pull/312#discussion_r699690548
##########
File path: controllers/solrprometheusexporter_controller.go
##########
@@ -434,53 +458,133 @@ func (r *SolrPrometheusExporterReconciler)
buildSecretWatch(secretField string,
builder.WithPredicates(predicate.ResourceVersionChangedPredicate{})), nil
}
-func (r *SolrPrometheusExporterReconciler)
reconcileTLSConfig(prometheusExporter *solrv1beta1.SolrPrometheusExporter)
(*util.TLSConfig, error) {
- opts := prometheusExporter.Spec.SolrReference.SolrTLS
-
- tls := &util.TLSConfig{}
- tls.InitContainerImage = prometheusExporter.Spec.BusyBoxImage
- tls.Options = opts
+// Reconcile the various options for configuring TLS for the exporter
+// The exporter is a client to Solr pods, so can either just have a truststore
so it trusts Solr certs
+// Or it can have its own client auth cert when Solr mTLS is required
+func (r *SolrPrometheusExporterReconciler)
reconcileTLSConfig(prometheusExporter *solrv1beta1.SolrPrometheusExporter)
(*util.TLSCerts, error) {
+ tls := util.TLSCertsForExporter(prometheusExporter)
+ opts := tls.ClientConfig.Options
if opts.PKCS12Secret != nil {
Review comment:
yeah, let me take another stab on consolidating the reconcile loop
around this, definitely a lot of similarity that can be reused.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
