From 6e37f6e8e5f175bdeb3e8d8558cd11eec2155a05 Mon Sep 17 00:00:00 2001 From: tomjo Date: Tue, 23 Jan 2024 11:45:57 +0100 Subject: [PATCH] feat: support TLS authentication and customized volumes --- charts/pulsar-resources-operator/Chart.yaml | 4 ++-- ...rce.streamnative.io_pulsarconnections.yaml | 22 +++++++++++++++++++ .../templates/deployment.yaml | 8 +++++++ .../tests/deployment_test.yaml | 10 ++++++--- charts/pulsar-resources-operator/values.yaml | 3 +++ ...rce.streamnative.io_pulsarconnections.yaml | 22 +++++++++++++++++++ 6 files changed, 64 insertions(+), 5 deletions(-) diff --git a/charts/pulsar-resources-operator/Chart.yaml b/charts/pulsar-resources-operator/Chart.yaml index add8c78c..0f0aa6ec 100644 --- a/charts/pulsar-resources-operator/Chart.yaml +++ b/charts/pulsar-resources-operator/Chart.yaml @@ -30,13 +30,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v0.4.6 +version: v0.5.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.4.6" +appVersion: "v0.5.0" # This is a semver range of compatible Kubernetes versions. Helm will validate the version # constraints when installing the chart and fail if the cluster runs an unsupported Kubernetes version diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml index 541e284c..18d3a0b0 100644 --- a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml 
+++ b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml @@ -129,6 +129,18 @@ spec: - issuerEndpoint - key type: object + tls: + description: PulsarAuthenticationTLS indicates the parameters + which are need by pulsar TLS Authentication + properties: + clientCertificateKeyPath: + type: string + clientCertificatePath: + type: string + required: + - clientCertificateKeyPath + - clientCertificatePath + type: object token: description: ValueOrSecretRef is a string or a secret reference of the authentication @@ -166,6 +178,16 @@ spec: description: ClusterName indicates the local cluster name of the pulsar cluster. It should set when enabling the Geo Replication type: string + tlsEnableHostnameVerification: + description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker. + Only used when using secure urls. + type: boolean + tlsAllowInsecureConnection: + description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker. + type: boolean + tlsTrustCertsFilePath: + description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS. + type: string type: object status: description: PulsarConnectionStatus defines the observed state of PulsarConnection diff --git a/charts/pulsar-resources-operator/templates/deployment.yaml b/charts/pulsar-resources-operator/templates/deployment.yaml index 68865a46..7c368e76 100644 --- a/charts/pulsar-resources-operator/templates/deployment.yaml +++ b/charts/pulsar-resources-operator/templates/deployment.yaml @@ -86,6 +86,10 @@ spec: periodSeconds: 20 resources: {{- toYaml .Values.resources | nindent 10 }} + {{- if .Values.extraVolumeMounts }} + volumeMounts: + {{- toYaml .Values.extraVolumeMounts | nindent 10 }} + {{- end }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} affinity: 
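Review bot: `clientCertificatePath` and `clientCertificateKeyPath` under `tls` have no description, and nothing in the schema says whose filesystem the paths are resolved against. Judging by the `extraVolumes`/`extraVolumeMounts` values added in the same patch, they are presumably read inside the operator pod; if so, anyone allowed to create a PulsarConnection can name any certificate or key mounted there, including one intended for a different connection. That should be confirmed and documented, e.g. `description: Path, inside the operator container, to the private key of the client certificate`. The sibling `token` field takes a secret reference (`ValueOrSecretRef`); the same shape for the key would keep access to it under Secret RBAC instead of a shared mount. The identical hunk in `config/crd/bases/resource.streamnative.io_pulsarconnections.yaml` has the same gaps, and both descriptions read "which are need by" where "which are needed by" is meant.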
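Review bot: `tlsEnableHostnameVerification` and `tlsAllowInsecureConnection` declare no `default`, and their descriptions do not say what an omitted field means. If an absent boolean is treated as false (likely, but not visible in this patch), hostname verification stays off for secure URLs unless every PulsarConnection sets it explicitly. The descriptions should state the default and the effect of each flag, e.g. `description: TLSAllowInsecureConnection, when true, accepts a broker certificate that fails validation; defaults to false.` `tlsTrustCertsFilePath` is another bare path, so it should also say where the file is expected to exist. The same hunk is repeated in `config/crd/bases/resource.streamnative.io_pulsarconnections.yaml`.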
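Review bot: `volumeMounts` here and `volumes` in the following hunk (`@@ -93,3 +97,7 @@`) are gated on two independent values, so setting `extraVolumeMounts` without a matching `extraVolumes` entry renders a Deployment the API server will reject, and the reverse renders a volume that nothing mounts. A one-line template comment would save users a failed install, e.g. `{{- /* each extraVolumeMounts[].name must match an extraVolumes[].name */}}`. The mounts are added only to the container this hunk sits in, whose spec starts above the hunk. The tests address it as `containers[1]`, so the client key stays out of the `kube-rbac-proxy` container, which is the right scope.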
@@ -93,3 +97,7 @@ spec: tolerations: {{- toYaml .Values.tolerations | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if .Values.extraVolumes }} + volumes: + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} diff --git a/charts/pulsar-resources-operator/tests/deployment_test.yaml b/charts/pulsar-resources-operator/tests/deployment_test.yaml index 6001163a..a24c032f 100644 --- a/charts/pulsar-resources-operator/tests/deployment_test.yaml +++ b/charts/pulsar-resources-operator/tests/deployment_test.yaml @@ -31,7 +31,7 @@ tests: value: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4 - equal: path: spec.template.spec.containers[1].image - value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.6 + value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.5.0 - equal: path: spec.template.spec.containers[1].imagePullPolicy value: IfNotPresent @@ -54,14 +54,18 @@ tests: path: spec.template.spec.containers[1].resources.requests - isNull: path: spec.template.spec.containers[1].resources.limits + - isNull: + path: spec.template.spec.containers[1].volumeMounts + - isNull: + path: spec.template.spec.volumes - it: should update the image version successfully set: - image.manager.tag: v0.4.6 + image.manager.tag: v0.5.0 asserts: - equal: path: spec.template.spec.containers[1].image - value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.6 + value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.5.0 - it: should update the replicas successfully set: diff --git a/charts/pulsar-resources-operator/values.yaml b/charts/pulsar-resources-operator/values.yaml index 28148627..c0950b97 100644 --- a/charts/pulsar-resources-operator/values.yaml +++ b/charts/pulsar-resources-operator/values.yaml 
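Review bot: The two `isNull` assertions added in the `@@ -54,14 +54,18 @@` hunk cover only the default, empty case; nothing sets `extraVolumes` or `extraVolumeMounts` and checks that they render where expected. Because these values are the route by which TLS client key material reaches the operator, a positive case is worth pinning, including that the mount lands on `containers[1]` and not on the proxy container. The enclosing `tests:` list starts above the hunk. The case below uses constructed sample names.

```yaml
  # constructed sample values: volume name, secret name and mount path are placeholders
  - it: should render extra volumes and volume mounts when set
    set:
      extraVolumes:
        - name: pulsar-client-tls
          secret:
            secretName: pulsar-client-tls
      extraVolumeMounts:
        - name: pulsar-client-tls
          mountPath: /etc/pulsar/tls
          readOnly: true
    asserts:
      - equal:
          path: spec.template.spec.volumes[0].name
          value: pulsar-client-tls
      - equal:
          path: spec.template.spec.containers[1].volumeMounts[0].mountPath
          value: /etc/pulsar/tls
      - isNull:
          path: spec.template.spec.containers[0].volumeMounts
```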
@@ -116,3 +116,6 @@ affinity: {} # -- The period seconds that pod will be termiated gracefully terminationGracePeriodSeconds: 10 + +extraVolumeMounts: [] +extraVolumes: [] diff --git a/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml b/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml index 541e284c..18d3a0b0 100644 --- a/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml +++ b/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml @@ -129,6 +129,18 @@ spec: - issuerEndpoint - key type: object + tls: + description: PulsarAuthenticationTLS indicates the parameters + which are need by pulsar TLS Authentication + properties: + clientCertificateKeyPath: + type: string + clientCertificatePath: + type: string + required: + - clientCertificateKeyPath + - clientCertificatePath + type: object token: description: ValueOrSecretRef is a string or a secret reference of the authentication @@ -166,6 +178,16 @@ spec: description: ClusterName indicates the local cluster name of the pulsar cluster. It should set when enabling the Geo Replication type: string + tlsEnableHostnameVerification: + description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker. + Only used when using secure urls. + type: boolean + tlsAllowInsecureConnection: + description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker. + type: boolean + tlsTrustCertsFilePath: + description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS. + type: string type: object status: description: PulsarConnectionStatus defines the observed state of PulsarConnection
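Review bot: `extraVolumeMounts` and `extraVolumes` are added without the `# -- ` doc comments that the other values carry, such as the one on `terminationGracePeriodSeconds` just above. Because they exist to deliver TLS certificates and keys to the operator, the comments should say so and steer users towards Secret-backed, read-only mounts. Suggested: `# -- Extra volumeMounts for the manager container; mount certificate/key material with readOnly: true` and `# -- Extra volumes for the operator pod, e.g. a Secret holding the TLS client certificate and key`.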