
Commit e78f633

razvan and sbernauer authored
feat: Support setting TLS certificate lifetimes (#660)
* feat: `requestedSecretLifetime` role group property added
* implement review feedback
* update crd field docs
* Point to op-rs main
* chore: bump op-rs
* cargo update -p rustls
* Update CHANGELOG.md
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/lib.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/lib.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/lib.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/lib.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/lib.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/security.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/operator-binary/src/druid_controller.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>
* Update rust/crd/src/security.rs
  Co-authored-by: Sebastian Bernauer <[email protected]>

---------

Co-authored-by: Sebastian Bernauer <[email protected]>
1 parent 399afb5 commit e78f633

9 files changed, +149 -65 lines changed

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
44

55
## [Unreleased]
66

7+
### Added
8+
9+
- The lifetime of auto generated TLS certificates is now configurable with the role and roleGroup
10+
config property `requestedSecretLifetime`. This helps reducing frequent Pod restarts ([#660]).
11+
712
### Fixed
813

914
- Fix OIDC endpoint construction in case the `rootPath` does have a trailing slash ([#656]).
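
Review bot: the new `### Added` entry says "This helps reducing frequent Pod restarts", which should read "This helps reduce frequent Pod restarts". The entry also leaves out the constraint that the CRD description in this same commit states, namely that the requested value can be shortened by the `maxCertificateLifetime` setting on the SecretClass. Adding that half-sentence here would tell users who set a long lifetime and still see early restarts where to look.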
@@ -13,6 +18,7 @@ All notable changes to this project will be documented in this file.
1318

1419
[#656]: https://github.com/stackabletech/druid-operator/pull/656
1520
[#657]: https://github.com/stackabletech/druid-operator/pull/657
21+
[#660]: https://github.com/stackabletech/druid-operator/pull/660
1622

1723
## [24.11.0] - 2024-11-18
1824

Cargo.lock

Lines changed: 7 additions & 18 deletions
Some generated files are not rendered by default.

Cargo.nix

Lines changed: 17 additions & 42 deletions
Some generated files are not rendered by default.

Cargo.toml

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@ serde = { version = "1.0", features = ["derive"] }
2525
serde_json = "1.0"
2626
serde_yaml = "0.9"
2727
snafu = "0.8"
28-
stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.82.0" }
28+
stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.83.0" }
2929
strum = { version = "0.26", features = ["derive"] }
3030
tokio = { version = "1.40", features = ["full"] }
3131
tracing = "0.1"
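
Review bot: the `stackable-operator` line still pins the git dependency by `tag`, and a git tag can be moved after the fact, so the integrity of the bump to `stackable-operator-0.83.0` rests entirely on the commit recorded in Cargo.lock. Consider pinning with `rev` (keeping the tag name in a comment), or make sure CI and release builds run with `--locked` so a re-pointed tag cannot change what gets compiled. The commit message also folds in `cargo update -p rustls`; a line saying why that update rides along with this feature would make the lockfile changes easier to audit.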

crate-hashes.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default.

deploy/helm/druid-operator/crds/crds.yaml

Lines changed: 40 additions & 0 deletions
@@ -154,6 +154,10 @@ spec:
154154
nullable: true
155155
type: boolean
156156
type: object
157+
requestedSecretLifetime:
158+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
159+
nullable: true
160+
type: string
157161
resources:
158162
default:
159163
cpu:
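
Review bot: `requestedSecretLifetime` is declared as a bare `type: string` with no `pattern` or other constraint, so a malformed value (anything that is not a duration like `7d`) passes API-server admission and can only be rejected later, when the operator parses it. If crds.yaml is generated from the Rust CRD types (the commit message touches rust/crd/src/lib.rs), consider adding the validation there, or at least make sure a parse failure surfaces as a clear error on the cluster object rather than only in the operator log. The same applies to every repetition of this block below.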
@@ -372,6 +376,10 @@ spec:
372376
nullable: true
373377
type: boolean
374378
type: object
379+
requestedSecretLifetime:
380+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
381+
nullable: true
382+
type: string
375383
resources:
376384
default:
377385
cpu:
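
Review bot: the field is `nullable: true`, but the description does not say which lifetime applies when it is left unset. State the default in the description text so that someone reading only the CRD can tell what they get without this property. Minor wording point in the same line: "e.g. `7d`, or `30d`" does not need the comma.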
@@ -994,6 +1002,10 @@ spec:
9941002
nullable: true
9951003
type: boolean
9961004
type: object
1005+
requestedSecretLifetime:
1006+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
1007+
nullable: true
1008+
type: string
9971009
resources:
9981010
default:
9991011
cpu:
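
Review bot: the description says the request "can be shortened by the `maxCertificateLifetime` setting" but not how a user finds out that it was, so a request of `30d` that is capped looks identical in the spec to one that was honoured. Suggest documenting where the effective certificate lifetime can be observed. It would also help to add one sentence on the trade-off this knob controls: a longer lifetime means fewer Pod restarts but a longer validity window for each issued certificate and key.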
@@ -1212,6 +1224,10 @@ spec:
12121224
nullable: true
12131225
type: boolean
12141226
type: object
1227+
requestedSecretLifetime:
1228+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
1229+
nullable: true
1230+
type: string
12151231
resources:
12161232
default:
12171233
cpu:
@@ -1410,6 +1426,10 @@ spec:
14101426
nullable: true
14111427
type: boolean
14121428
type: object
1429+
requestedSecretLifetime:
1430+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
1431+
nullable: true
1432+
type: string
14131433
resources:
14141434
default:
14151435
cpu:
@@ -1659,6 +1679,10 @@ spec:
16591679
nullable: true
16601680
type: boolean
16611681
type: object
1682+
requestedSecretLifetime:
1683+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
1684+
nullable: true
1685+
type: string
16621686
resources:
16631687
default:
16641688
cpu:
@@ -1936,6 +1960,10 @@ spec:
19361960
nullable: true
19371961
type: boolean
19381962
type: object
1963+
requestedSecretLifetime:
1964+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
1965+
nullable: true
1966+
type: string
19391967
resources:
19401968
default:
19411969
cpu:
@@ -2154,6 +2182,10 @@ spec:
21542182
nullable: true
21552183
type: boolean
21562184
type: object
2185+
requestedSecretLifetime:
2186+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
2187+
nullable: true
2188+
type: string
21572189
resources:
21582190
default:
21592191
cpu:
@@ -2352,6 +2384,10 @@ spec:
23522384
nullable: true
23532385
type: boolean
23542386
type: object
2387+
requestedSecretLifetime:
2388+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
2389+
nullable: true
2390+
type: string
23552391
resources:
23562392
default:
23572393
cpu:
@@ -2570,6 +2606,10 @@ spec:
25702606
nullable: true
25712607
type: boolean
25722608
type: object
2609+
requestedSecretLifetime:
2610+
description: Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate.
2611+
nullable: true
2612+
type: string
25732613
resources:
25742614
default:
25752615
cpu:
