Updates CA name generation to be configurable, allowing a CA to be swapped in. ### Motivation We recently swapped out cert issuers and found that with the current helm chart we were unable to do a hot swap without downtime (via helm) because the CA cert name is not configurable. Being able to change the name of the CA allows us to create a new CA first -> validate -> then swap over in a follow-up apply/release. ### Modifications Adds the ability to specify the suffix used to generate the CA name (not the whole name, in order to preserve backward compatibility regardless of the release name).
{{/*
Name of the broker service.

Renders the chart fullname (template "pulsar.fullname") and
.Values.broker.component joined by a single hyphen, with no surrounding
whitespace.
*/}}
{{- define "pulsar.broker.service" -}}
{{- $fullname := include "pulsar.fullname" . -}}
{{ $fullname }}-{{ .Values.broker.component }}
{{- end }}
{{/*
Fully qualified in-cluster DNS name of a broker pod.

Layout: ${HOSTNAME}.<broker service>.<namespace>.svc.<clusterDomain>
The ${HOSTNAME} part is emitted literally; it is not a template value.
Presumably the shell that consumes the rendered text expands it inside the
pod; confirm at the call site.
*/}}
{{- define "pulsar.broker.hostname" -}}
{{- $service := include "pulsar.broker.service" . -}}
{{- $namespace := include "pulsar.namespace" . -}}
${HOSTNAME}.{{ $service }}.{{ $namespace }}.svc.{{ .Values.clusterDomain }}
{{- end -}}
{{/*
Metadata-store path under which a broker is registered for load balancing.

Layout: <metadataPrefix>/loadbalance/brokers/<broker hostname>:<http port>
where the hostname comes from "pulsar.broker.hostname" and the port from
.Values.broker.ports.http.
*/}}
{{- define "pulsar.broker.znode" -}}
{{- $host := include "pulsar.broker.hostname" . -}}
{{ .Values.metadataPrefix }}/loadbalance/brokers/{{ $host }}:{{ .Values.broker.ports.http }}
{{- end }}
{{/*
Shell fragment that prepares the broker's ZooKeeper client TLS settings.

Emits one command line that runs /pulsar/keytool/keytool.sh with the
arguments "broker", the broker hostname and "true", terminated by ";".
Renders nothing unless both .Values.tls.enabled and
.Values.tls.zookeeper.enabled are set. The meaning of the arguments is
defined by keytool.sh, which is not part of this file.

NOTE(review): the hostname is interpolated into the command unquoted. Its
parts come from chart values (release name, namespace, clusterDomain), so
those values should be treated as operator-controlled input only.
*/}}
{{- define "pulsar.broker.zookeeper.tls.settings" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
/pulsar/keytool/keytool.sh broker {{ include "pulsar.broker.hostname" . }} true;
{{- end }}
{{- end }}
{{/*
Volume mounts for the broker's TLS material.

Rendered only when .Values.tls.enabled is set together with at least one of
tls.broker.enabled, tls.bookie.enabled or tls.zookeeper.enabled.

Mounts:
  broker-certs -> /pulsar/certs/broker (read-only)
  ca           -> /pulsar/certs/ca     (read-only)
  keytool      -> /pulsar/keytool/keytool.sh, single file via subPath,
                  only when tls.zookeeper.enabled is set

The volume names must match the entries produced by
"pulsar.broker.certs.volumes". The output is a YAML list starting at
column 0; presumably callers indent it to fit the container spec.
*/}}
{{- define "pulsar.broker.certs.volumeMounts" -}}
{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }}
- name: broker-certs
  mountPath: "/pulsar/certs/broker"
  readOnly: true
- name: ca
  mountPath: "/pulsar/certs/ca"
  readOnly: true
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
  mountPath: "/pulsar/keytool/keytool.sh"
  subPath: keytool.sh
{{- end }}
{{- end }}
{{- end }}
{{/*
Volumes that back the broker's TLS mounts.

Rendered under the same condition as "pulsar.broker.certs.volumeMounts":
.Values.tls.enabled plus at least one of tls.broker.enabled,
tls.bookie.enabled or tls.zookeeper.enabled.

Volumes:
  broker-certs  Secret "<release name>-<tls.broker.cert_name>", projecting
                only tls.crt and tls.key.
  ca            Secret "<release name>-<tls.ca_suffix>", projecting only
                ca.crt. Only the suffix is configurable; the release-name
                prefix is fixed.
  keytool       ConfigMap "<fullname>-keytool-configmap" with
                defaultMode 0755, only when tls.zookeeper.enabled is set.

NOTE(review): tls.ca_suffix selects the trust anchor the broker mounts. An
unset or empty value would render a secret name ending in a hyphen; confirm
that values.yaml supplies a default, or guard the value with `required`.
NOTE(review): when pointing ca at a new secret, the broker certificate in
broker-certs should chain to the CA in that secret, otherwise peers that
validate against ca.crt will presumably reject it.
NOTE(review): neither secret volume sets defaultMode, so the Kubernetes
default file mode applies to tls.key; consider a tighter mode if the
broker's runtime user can still read the file.
NOTE(review): 0755 is unquoted and relies on the YAML parser reading a
leading-zero integer as octal.
*/}}
{{- define "pulsar.broker.certs.volumes" -}}
{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }}
- name: broker-certs
  secret:
    secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
    items:
    - key: tls.crt
      path: tls.crt
    - key: tls.key
      path: tls.key
- name: ca
  secret:
    secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
    items:
    - key: ca.crt
      path: ca.crt
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
  configMap:
    name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
    defaultMode: 0755
{{- end }}
{{- end }}
{{- end }}