chinmoysahu commented on code in PR #815:
URL: https://github.com/apache/solr-operator/pull/815#discussion_r2728900464
##########
api/v1beta1/solrcloud_types.go:
##########
@@ -626,6 +638,90 @@ type SolrIngressTLSTermination struct {
TLSSecret string `json:"tlsSecret,omitempty"`
}
+// SolrGatewayOptions defines how a SolrCloud should be exposed via Kubernetes
Gateway API
+type SolrGatewayOptions struct {
+ // ParentRefs specifies the Gateway(s) to attach HTTPRoutes to.
+ // This is required when using method=Gateway.
+ //
+ // The referenced Gateway must already exist and be managed by your
platform team.
+ // The Solr Operator only manages the HTTPRoute resources.
+ //
+ // +kubebuilder:validation:MinItems=1
+ ParentRefs []GatewayParentReference `json:"parentRefs"`
+
+ // Annotations to add to HTTPRoute resources
+ // +optional
+ Annotations map[string]string `json:"annotations,omitempty"`
+
+ // Labels to add to HTTPRoute resources
+ // +optional
+ Labels map[string]string `json:"labels,omitempty"`
+
+ // BackendTLSPolicy defines TLS configuration for backend connections
from Gateway to Solr pods.
+ //
+ // This is used when Solr pods are running with TLS enabled
(spec.solrTLS) and the Gateway
+ // needs to establish secure connections to the backend services.
+ //
+ // The Solr Operator will create BackendTLSPolicy resources for each
HTTPRoute.
+ //
+ // +optional
+ BackendTLSPolicy *SolrBackendTLSPolicy
`json:"backendTLSPolicy,omitempty"`
+}
+
+// GatewayParentReference identifies a parent Gateway resource to attach
HTTPRoutes to
+type GatewayParentReference struct {
+ // Name of the Gateway resource
+ Name string `json:"name"`
+
+ // Namespace of the Gateway resource.
+ // If not specified, defaults to the HTTPRoute's namespace.
+ // +optional
+ Namespace *string `json:"namespace,omitempty"`
+
+ // SectionName refers to a specific listener on the Gateway.
+ // For example, "https" or "http".
+ // +optional
+ SectionName *string `json:"sectionName,omitempty"`
+}
+
+// SolrBackendTLSPolicy defines backend TLS configuration for Gateway API
+// +kubebuilder:validation:MaxProperties=1
+type SolrBackendTLSPolicy struct {
+ // CACertificateRefs contains one or more references to Kubernetes
objects that contain
+ // TLS certificates of the Certificate Authorities that can be used as
a trust anchor
+ // to validate the certificates presented by the backend.
+ //
+ // +optional
+ // +kubebuilder:validation:MaxItems=8
+ CACertificateRefs []GatewayCertificateReference
`json:"caCertificateRefs,omitempty"`
+
+ // WellKnownCACertificates specifies whether system CA certificates may
be used in the
+ // TLS handshake between the gateway and backend pod.
+ //
+ // If WellKnownCACertificates is unspecified or empty (""), then
CACertificateRefs must be
+ // specified with at least one entry for a valid configuration.
+ //
+ // Only one of CACertificateRefs or WellKnownCACertificates may be
specified, not both.
+ //
+ // +optional
+ WellKnownCACertificates *string
`json:"wellKnownCACertificates,omitempty"`
+}
Review Comment:
Updated docs and CRD description.
##########
tests/e2e/solrcloud_gateway_test.go:
##########
@@ -0,0 +1,281 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package e2e
+
+import (
+ "context"
+ solrv1beta1 "github.com/apache/solr-operator/api/v1beta1"
+ "github.com/apache/solr-operator/controllers/util"
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+)
+
+var _ = FDescribe("E2E - SolrCloud - Gateway API", func() {
+ var (
+ solrCloud *solrv1beta1.SolrCloud
+ gatewayNamespace = "default"
+ gatewayName = "test-gateway"
+ )
+
+ BeforeEach(func() {
+ solrCloud = generateBaseSolrCloud(1)
+ solrCloud.Spec.SolrAddressability =
solrv1beta1.SolrAddressabilityOptions{
+ External: &solrv1beta1.ExternalAddressability{
+ Method: solrv1beta1.Gateway,
+ UseExternalAddress: true,
+ DomainName: testDomain,
+ Gateway: &solrv1beta1.SolrGatewayOptions{
+ ParentRefs:
[]solrv1beta1.GatewayParentReference{
+ {
+ Name: gatewayName,
+ Namespace:
&gatewayNamespace,
+ },
+ },
+ },
+ },
+ }
+ })
+
+ JustBeforeEach(func(ctx context.Context) {
+ By("creating the SolrCloud")
+ Expect(k8sClient.Create(ctx, solrCloud)).To(Succeed())
+
+ DeferCleanup(func(ctx context.Context) {
+ cleanupTest(ctx, solrCloud)
+ })
+
+ By("Waiting for the SolrCloud to come up healthy")
+ solrCloud = expectSolrCloudToBeReady(ctx, solrCloud)
+
+ By("creating a first Solr Collection")
+ createAndQueryCollection(ctx, solrCloud, "basic", 1, 1)
+ })
+
+ FContext("Can Remove HTTPRoutes and Services when changing
addressability", func() {
Review Comment:
Addressed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
