diff --git a/Chart.yaml b/Chart.yaml index e3f9cdc..d09cc84 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v2 name: vertica-kafka-scheduler description: Deploys the Vertica Kafka Scheduler in Kubernetes type: application -version: 0.1.4 +version: 0.1.5 # The appVersion corresponds to the Vertica version appVersion: "23.4.0" icon: https://raw.githubusercontent.com/vertica/kafka-scheduler-chart/main/vertica-logo.png diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9a3e5ed..b6a2df8 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -104,7 +104,7 @@ Generate te value for VKCONFIG_JVM_OPTS based on values.yaml */}} {{- define "vertica-kafka-scheduler.jvmOpts" -}} {{- if .Values.tls.enabled -}} -"{{- if .Values.tls.trustStoreSecretName -}}-Djavax.net.ssl.trustStore={{ .Values.tls.trustStoreMountPath }}/{{ .Values.tls.trustStoreSecretKey }}{{- end -}}{{- if .Values.tls.keyStoreSecretName -}} -Djavax.net.ssl.keyStore={{ .Values.tls.keyStoreMountPath }}/{{ .Values.tls.keyStoreSecretKey }} -Djavax.net.ssl.keyStorePassword={{ .Values.tls.keyStorePassword }} {{ .Values.jvmOpts }}{{- end -}}" +"{{ if .Values.tls.trustStoreSecretName }}-Djavax.net.ssl.trustStore={{ .Values.tls.trustStoreMountPath }}/{{ .Values.tls.trustStoreSecretKey }}{{ end }}{{ if .Values.tls.keyStoreSecretName }} -Djavax.net.ssl.keyStore={{ .Values.tls.keyStoreMountPath }}/{{ .Values.tls.keyStoreSecretKey }} -Djavax.net.ssl.keyStorePassword={{ .Values.tls.keyStorePassword }} {{ .Values.jvmOpts }}{{ end }}" {{- else -}} {{ default (quote "") .Values.jvmOpts }} {{- end }} diff --git a/templates/pod.yaml b/templates/pod.yaml index a854825..b35c21d 100644 --- a/templates/pod.yaml +++ b/templates/pod.yaml @@ -29,11 +29,15 @@ spec: - name: vkconfig mountPath: /opt/vertica/packages/kafka/config {{- if .Values.tls.enabled }} + {{- if .Values.tls.trustStoreSecretName }} - name: truststore mountPath: {{ .Values.tls.trustStoreMountPath }} + {{- end }} + {{- if .Values.tls.keyStoreSecretName }} - name: keystore mountPath: {{ .Values.tls.keyStoreMountPath }} {{- end }} + {{- end }} env: - name: VKCONFIG_JVM_OPTS value: {{ include "vertica-kafka-scheduler.jvmOpts" . }} @@ -44,13 +48,17 @@ spec: configMap: name: {{ include "vertica-kafka-scheduler.configmap-fullname" . }} {{- if .Values.tls.enabled }} + {{- if .Values.tls.trustStoreSecretName }} - name: truststore secret: secretName: {{ .Values.tls.trustStoreSecretName }} + {{- end }} + {{- if .Values.tls.keyStoreSecretName }} - name: keystore secret: secretName: {{ .Values.tls.keyStoreSecretName }} {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/tests/pod_test.yaml b/tests/pod_test.yaml new file mode 100644 index 0000000..98dbd15 --- /dev/null +++ b/tests/pod_test.yaml @@ -0,0 +1,42 @@ +suite: Pod tests +templates: +- pod.yaml +tests: +- it: should not include keystore volume if only truststore enabled for TLS + set: + tls: + enabled: true + trustStoreMountPath: /truststore + trustStoreSecretKey: trust-store.jks + trustStoreSecretName: truststore-jks + launcherEnabled: true + asserts: + - isKind: + of: Pod + - contains: + path: spec.containers[0].env + content: + name: VKCONFIG_JVM_OPTS + value: "-Djavax.net.ssl.trustStore=/truststore/trust-store.jks" + - contains: + path: spec.volumes + content: + name: truststore + secret: + secretName: truststore-jks + - notContains: + path: spec.volumes + any: true + content: + name: keystore + - contains: + path: spec.containers[0].volumeMounts + content: + name: truststore + mountPath: /truststore + - notContains: + path: spec.containers[0].volumeMounts + any: true + content: + name: keystore + diff --git a/tests/tls_test.yaml b/tests/tls_test.yaml index e4a9123..e752460 100644 --- a/tests/tls_test.yaml +++ b/tests/tls_test.yaml @@ -45,7 +45,7 @@ tests: path: spec.template.spec.containers[0].env content: name: VKCONFIG_JVM_OPTS - value: '-Djavax.net.ssl.trustStore=/truststore/truststore-Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=pwd ' + value: '-Djavax.net.ssl.trustStore=/truststore/truststore -Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=pwd ' - it: should have JVM opts set if TLS is configured with just truststore set: tls: @@ -120,4 +120,4 @@ tests: path: spec.template.spec.containers[0].env content: name: VKCONFIG_JVM_OPTS - value: '-Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=my-secret ' + value: ' -Djavax.net.ssl.keyStore=/keystore/keystore -Djavax.net.ssl.keyStorePassword=my-secret '