Store transport keys and certificates in a single shared secret. #1198

@nkvoll nkvoll commented Jul 5, 2019

This facilitates a move to StatefulSets where the mounted secrets must be the same between all the Pods in the same StatefulSet.

@nkvoll nkvoll force-pushed the no-pod-specific-transport-secret branch from 26d16ca to 0b207ff Compare July 5, 2019 13:29
@nkvoll nkvoll changed the base branch from master to statefulset-refactoring July 5, 2019 13:29
@nkvoll nkvoll changed the title [wip] Initial poc of sharing a transport certs secret between pods. Store transport keys and certificates in a single shared secret. Jul 5, 2019
@nkvoll nkvoll force-pushed the no-pod-specific-transport-secret branch from 0b207ff to 505f7b0 Compare July 5, 2019 13:31
@nkvoll nkvoll requested a review from sebgl July 5, 2019 13:31
@nkvoll nkvoll marked this pull request as ready for review July 5, 2019 13:31
@sebgl sebgl left a comment

LGTM! I left a few minor comments.
Would be nice to unit test the certs pruning logic (can be in another PR?).

}
}
if len(keysToPrune) > 0 {
log.Info("Pruning keys from certificates secret", "keys", keysToPrune)
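
Review bot: the log.Info call inside the `if len(keysToPrune) > 0` branch records only the pruned key names, not which certificates secret they were removed from. Consider adding the secret's namespace and name as fields (unless the logger already carries them) so that the removal of a transport key or certificate can be traced in the operator log. It is also worth confirming that keysToPrune holds only the secret's data key names and never the values.
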
Would be nice to have this unit tested.

nkvoll commented Jul 5, 2019

Re the unit test for pruning, I wonder if it will be sufficiently different with StatefulSets that it makes more sense to cover it there (note the method in question is also currently untested, as it's going to be refactored come StatefulSet changes).

sebgl commented Jul 5, 2019

I'm fine with keeping some unit tests for later (let's try not to forget them though) since we'll be breaking a lot of stuff.

This facilitates a move to StatefulSets where the mounted secrets must be the same between
all the Pods in the same StatefulSet
@nkvoll nkvoll force-pushed the no-pod-specific-transport-secret branch from f97e775 to 3b24cd3 Compare July 5, 2019 14:16
@nkvoll nkvoll merged commit b48109c into elastic:statefulset-refactoring Jul 5, 2019
@nkvoll nkvoll deleted the no-pod-specific-transport-secret branch July 5, 2019 14:50