K8SPXC-1411: allow to enable/disable TLS in a running cluster #1844
base: main
pkg/controller/pxc/tls.go
Outdated
return nil | ||
} | ||
|
||
annotationTLSState, ok := cr.Annotations[naming.AnnotationTLS] |
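Review bot: The lookup `cr.Annotations[naming.AnnotationTLS]` on the last line returns `ok`, so the absent-annotation case needs an explicit branch that initialises the recorded state from the current spec instead of treating the empty string as a TLS state. An annotation is also plain metadata that anyone able to edit the CR can change, so the value read here should be checked against the expected set before it is allowed to drive a TLS change.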
I would do this with a status field or with `status.conditions` rather than with an annotation
pkg/controller/pxc/tls.go
Outdated
crOrig := cr.DeepCopy() | ||
cr.Spec.Unsafe.TLS = !*cr.Spec.TLS.Enabled | ||
if cr.Spec.Unsafe.TLS != crOrig.Spec.Unsafe.TLS { |
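Review bot: `*cr.Spec.TLS.Enabled` on the second line is dereferenced with no nil check in view; if `Enabled` can still be unset when this runs the reconcile panics, so guard it here or confirm that defaults are applied earlier. The same line overwrites `cr.Spec.Unsafe.TLS` from the operator side, which turns an explicit user opt-in into a derived value, and a comment saying that this is intended would help. `cr.DeepCopy()` is used only to compare one bool, so keeping the old `cr.Spec.Unsafe.TLS` in a local variable would be cheaper.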
If TLS is disabled without enabling the unsafe flag we'll return an error before (in `CheckNSetDefaults`) and won't enter this function, so I'm not sure if we need to do this check
commit: 9b7bdf0
https://perconadev.atlassian.net/browse/K8SPXC-1411
DESCRIPTION
This PR allows the operator to enable/disable TLS in a running cluster by automating the following tasks:

- when `.spec.tls.enabled` is switched to `false`:
  - `.spec.pause` to `true`
  - `spec.unsafeFlags.tls` to `true`
  - `.spec.pause` to `false`
- when `.spec.tls.enabled` is switched to `true`:
  - `.spec.pause` to `true`
  - `spec.unsafeFlags.tls` to `false`
  - `.spec.pause` to `false`

A `tls` condition has also been added to a cluster. It will show the state of the `.spec.tls.enabled` field before it was switched. The values of this condition are `enabled` and `disabled`. After all automated tasks have been completed, it will be updated with the actual state of `.spec.tls.enabled`.

Note to developers: the `deploy` method contained a lot of duplicated code from the `updatePod` method. In this PR I decided to minimize it by using the `updatePod`
inside.
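The toggle sequence from the description, modelled as a reconcile step that performs one action per pass and records the new state in the `tls` condition only at the end (an added example, not the operator's code). The `Cluster` struct, `Step`, the `PodsUp` field, the waits between steps, and the assumption that `unsafeFlags.tls` still holds its old value when the switch starts are all hypothetical.

```go
package main

import "fmt"

// Cluster is a hypothetical, stripped-down stand-in for the custom resource.
// Field comments name the CR fields from the PR description.
type Cluster struct {
	TLSEnabled bool   // .spec.tls.enabled (desired state)
	Pause      bool   // .spec.pause
	UnsafeTLS  bool   // .spec.unsafeFlags.tls
	TLSCond    string // "tls" condition: state before the switch
	PodsUp     bool   // assumption: observed pod state, supplied by the caller
}

// condValue maps the spec field to the condition values named in the description.
var condValue = map[bool]string{true: "enabled", false: "disabled"}

// Step performs at most one action per reconcile pass and returns its name.
func Step(c *Cluster) string {
	flipped := c.UnsafeTLS == !c.TLSEnabled // unsafe flag already matches the new spec
	switch {
	case c.TLSCond == condValue[c.TLSEnabled]:
		return "noop" // condition matches the spec, nothing to automate
	case !flipped && !c.Pause:
		c.Pause = true
		return "pause"
	case !flipped && c.PodsUp:
		return "wait-for-stop" // assumption: flip the flag only once pods are down
	case !flipped:
		c.UnsafeTLS = !c.TLSEnabled
		return "set-unsafe-flag"
	case c.Pause:
		c.Pause = false
		return "unpause"
	case !c.PodsUp:
		return "wait-for-start"
	default:
		c.TLSCond = condValue[c.TLSEnabled] // updated last, after all tasks
		return "done"
	}
}

func main() {
	c := &Cluster{TLSCond: "enabled", PodsUp: true} // constructed: TLS just switched off
	for a := ""; a != "done"; c.PodsUp = !c.Pause { // constructed model: pods follow .spec.pause
		a = Step(c)
		fmt.Println(a)
	}
}
```

Because every pass derives its position from the fields themselves, a restart of the controller in the middle of the sequence resumes at the same step.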