thelabdude commented on a change in pull request #312:
URL: https://github.com/apache/solr-operator/pull/312#discussion_r700369485
##########
File path: controllers/solrprometheusexporter_controller.go
##########
@@ -434,53 +458,133 @@ func (r *SolrPrometheusExporterReconciler)
buildSecretWatch(secretField string,
builder.WithPredicates(predicate.ResourceVersionChangedPredicate{})), nil
}
-func (r *SolrPrometheusExporterReconciler)
reconcileTLSConfig(prometheusExporter *solrv1beta1.SolrPrometheusExporter)
(*util.TLSConfig, error) {
- opts := prometheusExporter.Spec.SolrReference.SolrTLS
-
- tls := &util.TLSConfig{}
- tls.InitContainerImage = prometheusExporter.Spec.BusyBoxImage
- tls.Options = opts
+// Reconcile the various options for configuring TLS for the exporter
+// The exporter is a client to Solr pods, so can either just have a truststore
so it trusts Solr certs
+// Or it can have its own client auth cert when Solr mTLS is required
+func (r *SolrPrometheusExporterReconciler)
reconcileTLSConfig(prometheusExporter *solrv1beta1.SolrPrometheusExporter)
(*util.TLSCerts, error) {
+ tls := util.TLSCertsForExporter(prometheusExporter)
+ opts := tls.ClientConfig.Options
if opts.PKCS12Secret != nil {
Review comment:
Greatly reduced the amount of code in the TLS reconcile loops for
SolrCloud and Exporter in the last commit. Good eye!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
