Update to initializer for truststore only deployments (#2)
Previous fix wasn't complete as I forgot to update the initializer pod.
I am also fixing the VKCONFIG_JVM_OPTS, which didn't have correct
spacing.
spilchen authored Nov 21, 2023
1 parent ca23075 commit b707618
Showing 5 changed files with 54 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Chart.yaml
Expand Up @@ -15,7 +15,7 @@ apiVersion: v2
name: vertica-kafka-scheduler
description: Deploys the Vertica Kafka Scheduler in Kubernetes
type: application
version: 0.1.4
version: 0.1.5
# The appVersion corresponds to the Vertica version
appVersion: "23.4.0"
icon: https://raw.githubusercontent.com/vertica/kafka-scheduler-chart/main/vertica-logo.png
2 changes: 1 addition & 1 deletion templates/_helpers.tpl
Expand Up @@ -104,7 +104,7 @@ Generate te value for VKCONFIG_JVM_OPTS based on values.yaml
*/}}
{{- define "vertica-kafka-scheduler.jvmOpts" -}}
{{- if .Values.tls.enabled -}}
"{{- if .Values.tls.trustStoreSecretName -}}-Djavax.net.ssl.trustStore={{ .Values.tls.trustStoreMountPath }}/{{ .Values.tls.trustStoreSecretKey }}{{- end -}}{{- if .Values.tls.keyStoreSecretName -}} -Djavax.net.ssl.keyStore={{ .Values.tls.keyStoreMountPath }}/{{ .Values.tls.keyStoreSecretKey }} -Djavax.net.ssl.keyStorePassword={{ .Values.tls.keyStorePassword }} {{ .Values.jvmOpts }}{{- end -}}"
"{{ if .Values.tls.trustStoreSecretName }}-Djavax.net.ssl.trustStore={{ .Values.tls.trustStoreMountPath }}/{{ .Values.tls.trustStoreSecretKey }}{{ end }}{{ if .Values.tls.keyStoreSecretName }} -Djavax.net.ssl.keyStore={{ .Values.tls.keyStoreMountPath }}/{{ .Values.tls.keyStoreSecretKey }} -Djavax.net.ssl.keyStorePassword={{ .Values.tls.keyStorePassword }} {{ .Values.jvmOpts }}{{ end }}"
{{- else -}}
{{ default (quote "") .Values.jvmOpts }}
{{- end }}
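Review bot: In the new `jvmOpts` line, `{{ .Values.jvmOpts }}` still sits inside the `{{ if .Values.tls.keyStoreSecretName }}` branch, so a truststore-only deployment (the case this commit targets) renders only the trustStore flag and silently drops any user-supplied JVM options; the same appears to happen when TLS is enabled with neither secret name set. If that is not intended, close the keystore branch before appending them, ending the line with `-Djavax.net.ssl.keyStorePassword={{ .Values.tls.keyStorePassword }}{{ end }}{{ with .Values.jvmOpts }} {{ . }}{{ end }}"`. That also removes the trailing space that the expectations in tests/tls_test.yaml currently pin, so those strings would need updating, and a test that sets `jvmOpts` together with a truststore-only TLS config would guard the behaviour. The `define` block's closing `end` lies outside the hunk.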
8 changes: 8 additions & 0 deletions templates/pod.yaml
Expand Up @@ -29,11 +29,15 @@ spec:
- name: vkconfig
mountPath: /opt/vertica/packages/kafka/config
{{- if .Values.tls.enabled }}
{{- if .Values.tls.trustStoreSecretName }}
- name: truststore
mountPath: {{ .Values.tls.trustStoreMountPath }}
{{- end }}
{{- if .Values.tls.keyStoreSecretName }}
- name: keystore
mountPath: {{ .Values.tls.keyStoreMountPath }}
{{- end }}
{{- end }}
env:
- name: VKCONFIG_JVM_OPTS
value: {{ include "vertica-kafka-scheduler.jvmOpts" . }}
Expand All @@ -44,13 +48,17 @@ spec:
configMap:
name: {{ include "vertica-kafka-scheduler.configmap-fullname" . }}
{{- if .Values.tls.enabled }}
{{- if .Values.tls.trustStoreSecretName }}
- name: truststore
secret:
secretName: {{ .Values.tls.trustStoreSecretName }}
{{- end }}
{{- if .Values.tls.keyStoreSecretName }}
- name: keystore
secret:
secretName: {{ .Values.tls.keyStoreSecretName }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
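Review bot: The `VKCONFIG_JVM_OPTS` entry at the end of the first hunk is rendered as a literal `value:`, and the helper it includes (changed in templates/_helpers.tpl in this commit) interpolates `.Values.tls.keyStorePassword` into that string, so the keystore password ends up in clear text in the Pod spec and is readable by anyone allowed to get the Pod or the rendered release. Consider sourcing it from a Secret instead: define an earlier env entry with `valueFrom.secretKeyRef` (the Secret name and key would be new chart values, not shown on this page) and have the helper emit `-Djavax.net.ssl.keyStorePassword=$(KEYSTORE_PASSWORD)`, where `KEYSTORE_PASSWORD` is an example name that Kubernetes expands from the previously declared variable. Quoting the templated `mountPath` and `secretName` values (`"{{ .Values.tls.trustStoreMountPath }}"`) would also protect against empty or boolean-looking inputs. The `env:` list continues outside the hunk.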
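--- a/tests/pod_test.yaml
+++ b/tests/pod_test.yaml
@@ -0,0 +1,42 @@
+suite: Pod tests
+templates:
+- pod.yaml
+tests:
+- it: should not include keystore volume if only truststore enabled for TLS
+set:
+tls:
+enabled: true
+trustStoreMountPath: /truststore
+trustStoreSecretKey: trust-store.jks
+trustStoreSecretName: truststore-jks
+launcherEnabled: true
+asserts:
+- isKind:
+of: Pod
+- contains:
+path: spec.containers[0].env
+content:
+name: VKCONFIG_JVM_OPTS
+value: "-Djavax.net.ssl.trustStore=/truststore/trust-store.jks"
+- contains:
+path: spec.volumes
+content:
+name: truststore
+secret:
+secretName: truststore-jks
+- notContains:
+path: spec.volumes
+any: true
+content:
+name: keystore
+- contains:
+path: spec.containers[0].volumeMounts
+content:
+name: truststore
+mountPath: /truststore
+- notContains:
+path: spec.containers[0].volumeMounts
+any: true
+content:
+name: keystore
+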
4 changes: 2 additions & 2 deletions tests/tls_test.yaml
Expand Up @@ -45,7 +45,7 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: VKCONFIG_JVM_OPTS
value: '-Djavax.net.ssl.trustStore=/truststore/truststore-Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=pwd '
value: '-Djavax.net.ssl.trustStore=/truststore/truststore -Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=pwd '
- it: should have JVM opts set if TLS is configured with just truststore
set:
tls:
Expand Down Expand Up @@ -120,4 +120,4 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: VKCONFIG_JVM_OPTS
value: '-Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=my-secret '
value: ' -Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=my-secret '
