
HPCC-27274 Document Remote DFS Client Certificates #20956

Open

g-pan wants to merge 2 commits into hpcc-systems:candidate-10.2.x from g-pan:H27274-RD

Conversation

g-pan (Member) commented Feb 10, 2026

Type of change:

  • This change is a bug fix (non-breaking change which fixes an issue).
  • This change is a new feature (non-breaking change which adds functionality).
  • This change improves the code (refactor or other change that does not change the functionality)
  • This change fixes warnings (the fix does not alter the functionality or the generated code)
  • This change is a breaking change (fix or feature that will cause existing behavior to change).
  • This change alters the query API (existing queries will have to be recompiled)

Checklist:

  • My code follows the code style of this project.
    • My code does not create any new warnings from compiler, build system, or lint.
  • The commit message is properly formatted and free of typos.
    • The commit message title makes sense in a changelog, by itself.
    • The commit is signed.
  • My change requires a change to the documentation.
    • I have updated the documentation accordingly, or...
    • I have created a JIRA ticket to update the documentation.
    • Any new interfaces or exported functions are appropriately commented.
  • I have read the CONTRIBUTORS document.
  • The change has been fully tested:
    • I have added tests to cover my changes.
    • All new and existing tests passed.
    • I have checked that this change does not introduce memory leaks.
    • I have used Valgrind or similar tools to check for potential issues.
  • I have given due consideration to all of the following potential concerns:
    • Scalability
    • Performance
    • Security
    • Thread-safety
    • Cloud-compatibility
    • Premature optimization
    • Existing deployed queries will not be broken
    • This change fixes the problem, not just the symptom
    • The target branch of this pull request is appropriate for such a change.
  • There are no similar instances of the same problem that should be addressed
    • I have addressed them here
    • I have raised JIRA issues to address them separately
  • This is a user interface / front-end modification
    • I have tested my changes in multiple modern browsers
    • The component(s) render as expected

Smoketest:

  • Send notifications about my Pull Request position in Smoketest queue.
  • Test my draft Pull Request.

Testing:

Successful Unit Testing: https://github.com/g-pan/github-action-dev-build/actions/runs/21866214565

g-pan (Member, Author) commented Feb 10, 2026

NB: generated a .md file as well, suitable for DevDocs if desired.

Copilot AI (Contributor) left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

JamesDeFabia (Contributor) left a comment

A couple of comments inline


<sect2 id="DFSClientCerts-Overview">
<title>Overview</title>
<para>By default, dafilesrv pods in HPCC containerized deployments use internal certificates for pod-to-pod encryption. To allow secure access from external clients (e.g., remote ECL IDE, dfuplus, or custom tools), you must configure dafilesrv to require and validate client certificates signed by a trusted CA.</para>
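Review bot: "require and validate client certificates signed by a trusted CA" leaves open whether dafilesrv checks anything in the presented certificate beyond its issuer, so this Overview should say whether every certificate issued by that CA is accepted or whether the subject or SAN is also matched, and what an accepted identity is then authorized to do; without that a reader cannot judge how narrowly the CA created in Step 1 must be scoped.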
Contributor commented inline:

DFUPlus

<sect2 id="DFSClientCerts-Overview">
<title>Overview</title>
<para>By default, dafilesrv pods in HPCC containerized deployments use internal certificates for pod-to-pod encryption. To allow secure access from external clients (e.g., remote ECL IDE, dfuplus, or custom tools), you must configure dafilesrv to require and validate client certificates signed by a trusted CA.</para>
Contributor commented inline:

Certificate Authority (CA)

github-actions commented:

Jira Issue: https://hpccsystems.atlassian.net//browse/HPCC-27274

Jirabot Action Result:
Workflow Transition To: Merge Pending
Updated PR

Signed-off-by: Panagiotatos <greg.panagiotatos+copilot@lexisnexisrisk.com>
JamesDeFabia (Contributor) left a comment

One comment inline


<sect2 id="DFSClientCerts-ClientConfig">
<title>Step 4: Configure External Clients</title>
<para>Configure your external client (e.g., dfuplus, ECL IDE, or custom application) to use the client certificate and key, and to trust the CA certificate. For example, with <emphasis>dfuplus</emphasis>:</para>
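Review bot: the paragraph does not name which CA certificate the client should trust; say explicitly that it is the CA created in Step 1 and not the internal pod-to-pod certificates mentioned in the Overview, and add one sentence that the client key file must be readable only by the account running the client, since that key is what identifies the client to dafilesrv.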
Contributor commented inline:

For consistency, capitalize DFUPlus like line 866

jakesmith (Member) left a comment

@g-pan - see a few comments, but I for one am confused by these steps and what it's trying to document.

The process of setting up certificate issuers in a k8s setup at least, does not involve manually defining manifests like this, it is handled by the cert-manager.
This README is relevant: https://github.com/hpcc-systems/HPCC-Platform/blob/master/helm/examples/certmanager/README.md

This document is under ContainerizedHPCC.. but what are the goals?
There is typically no need to access the DFS service directly unless it is interconnecting with another environment .. (but docs mention dfuplus, ECL IDE .. I'm not sure of their relevance).

If inter environment DFS connectivity, is it k8s to k8s, bm->k8s, k8s->bm, all of those.
There are different steps involved.

This is relevant for DFS from BM: https://hpccsystems.atlassian.net/browse/HPCC-30412 (and associated step-by-step notes in https://hpccsystems.atlassian.net/browse/HPCC-27688)


<sect2 id="DFSClientCerts-Overview">
<title>Overview</title>
<para>By default, dafilesrv pods in HPCC containerized deployments use internal certificates for pod-to-pod encryption. To allow secure access from external clients (e.g., remote ECL IDE, DFUPlus, or custom tools), you must configure dafilesrv to require and validate client certificates signed by a trusted Certificate Authority (CA).</para>
Member commented inline:

this feels confusing .. why does ECL IDE or DFUPlus .. need direct physical access to dafilesrv's (direct-access version in cloud deployment) ?


<sect1 id="DFSClientCerts" role="nobrk">
<title>Configuring DFS Client Certificates for Secure External Access</title>
<para>This section describes how to configure HPCC Systems<superscript>®</superscript> to require and validate client certificates for external DFS (dafilesrv) access, using Kubernetes, cert-manager, and mTLS.</para>
Member commented inline:

for external DFS (dafilesrv) access

that's misleading.. DFS isn't just dafilesrv .. DFS is logical file access. The physical data may be accessed via mounts and storage accounts (it is typically in cloud envs)..


<sect2 id="DFSClientCerts-GenerateCA">
<title>Step 1: Create a Certificate Authority (CA)</title>
<para>Use <emphasis role="strong">cert-manager</emphasis> to create a CA in your Kubernetes cluster. For example:</para>
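Review bot: this step does not say how the new CA relates to the internal certificates the Overview says dafilesrv already uses, that is, whether external clients get a separate CA and issuer or reuse the platform's existing cert-manager issuer, and a reader cannot follow the helm/examples/certmanager README linked in this review without knowing which issuer to reference; state that here, and point at that README instead of hand-written manifests wherever the existing issuer applies.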
Member commented inline:

this process is not familiar to me...
I think part of the confusion (mine too) is .. is this trying to document the setup for Bare Metal, for a k8s setup, for both at same time?

Signed-off-by: Panagiotatos <greg.panagiotatos+copilot@lexisnexisrisk.com>
g-pan requested review from JamesDeFabia and jakesmith March 5, 2026 12:25

4 participants