feat: support TLS authentication and customized volumes

tomjo · tomjo · commit 0e9833ca744c · 2024-02-15T15:07:46.000+01:00
diff --git a/charts/pulsar-resources-operator/Chart.yaml b/charts/pulsar-resources-operator/Chart.yaml
@@ -30,13 +30,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v0.4.7
+version: v0.5.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.4.7"
+appVersion: "v0.5.0"
 
 # This is a semver range of compatible Kubernetes versions. Helm will validate the version
 # constraints when installing the chart and fail if the cluster runs an unsupported Kubernetes version
diff --git a/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml b/charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarconnections.yaml
@@ -129,6 +129,18 @@ spec:
                     - issuerEndpoint
                     - key
                     type: object
+                  tls:
+                    description: PulsarAuthenticationTLS indicates the parameters
+                      which are need by pulsar TLS Authentication
+                    properties:
+                      clientCertificateKeyPath:
+                        type: string
+                      clientCertificatePath:
+                        type: string
+                    required:
+                    - clientCertificateKeyPath
+                    - clientCertificatePath
+                    type: object
                   token:
                     description: ValueOrSecretRef is a string or a secret reference
                       of the authentication
@@ -166,6 +178,16 @@ spec:
                 description: ClusterName indicates the local cluster name of the pulsar
                   cluster. It should set when enabling the Geo Replication
                 type: string
+              tlsEnableHostnameVerification:
+                description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker.
+                  Only used when using secure urls.
+                type: boolean
+              tlsAllowInsecureConnection:
+                description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker.
+                type: boolean
+              tlsTrustCertsFilePath:
+                description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS.
+                type: string
             type: object
           status:
             description: PulsarConnectionStatus defines the observed state of PulsarConnection
diff --git a/charts/pulsar-resources-operator/templates/deployment.yaml b/charts/pulsar-resources-operator/templates/deployment.yaml
@@ -86,10 +86,18 @@ spec:
           periodSeconds: 20
         resources:
           {{- toYaml .Values.resources | nindent 10 }}
+        {{- if .Values.extraVolumeMounts }}
+        volumeMounts:
+          {{- toYaml .Values.extraVolumeMounts | nindent 10 }}
+        {{- end }}
       nodeSelector:
         {{- toYaml .Values.nodeSelector | nindent 8 }}
       affinity:
         {{- toYaml .Values.affinity | nindent 8 }}
       tolerations:
         {{- toYaml .Values.tolerations | nindent 8 }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- if .Values.extraVolumes }}
+      volumes:
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
+      {{- end }}
diff --git a/charts/pulsar-resources-operator/tests/deployment_test.yaml b/charts/pulsar-resources-operator/tests/deployment_test.yaml
@@ -31,7 +31,7 @@ tests:
           value: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4
       - equal:
           path: spec.template.spec.containers[1].image
-          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.7
+          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.5.0
       - equal:
           path: spec.template.spec.containers[1].imagePullPolicy
           value: IfNotPresent
@@ -54,14 +54,18 @@ tests:
           path: spec.template.spec.containers[1].resources.requests
       - isNull:
           path: spec.template.spec.containers[1].resources.limits
+      - isNull:
+          path: spec.template.spec.containers[1].volumeMounts
+      - isNull:
+          path: spec.template.spec.volumes
 
   - it: should update the image version successfully
     set:
-      image.manager.tag: v0.4.7
+      image.manager.tag: v0.5.0
     asserts:
       - equal:
           path: spec.template.spec.containers[1].image
-          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.7
+          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.5.0
 
   - it: should update the replicas successfully
     set:
diff --git a/charts/pulsar-resources-operator/values.yaml b/charts/pulsar-resources-operator/values.yaml
@@ -116,3 +116,6 @@ affinity: {}
 
 # -- The period seconds that pod will be termiated gracefully
 terminationGracePeriodSeconds: 10
+
+extraVolumeMounts: []
+extraVolumes: []
diff --git a/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml b/config/crd/bases/resource.streamnative.io_pulsarconnections.yaml
@@ -129,6 +129,18 @@ spec:
                     - issuerEndpoint
                     - key
                     type: object
+                  tls:
+                    description: PulsarAuthenticationTLS indicates the parameters
+                      which are need by pulsar TLS Authentication
+                    properties:
+                      clientCertificateKeyPath:
+                        type: string
+                      clientCertificatePath:
+                        type: string
+                    required:
+                    - clientCertificateKeyPath
+                    - clientCertificatePath
+                    type: object
                   token:
                     description: ValueOrSecretRef is a string or a secret reference
                       of the authentication
@@ -166,6 +178,16 @@ spec:
                 description: ClusterName indicates the local cluster name of the pulsar
                   cluster. It should set when enabling the Geo Replication
                 type: string
+              tlsEnableHostnameVerification:
+                description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker.
+                  Only used when using secure urls.
+                type: boolean
+              tlsAllowInsecureConnection:
+                description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker.
+                type: boolean
+              tlsTrustCertsFilePath:
+                description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS.
+                type: string
             type: object
           status:
             description: PulsarConnectionStatus defines the observed state of PulsarConnection
