Consolidate global cluster config (#612)
# Description

The new structure now looks like:
```
apiVersion: zookeeper.stackable.tech/v1alpha1
kind: ZookeeperCluster
metadata:
  name: simple-zk
spec:
  image:
    productVersion: 3.8.0
    stackableVersion: 0.8.0
  clusterConfig:
    authentication:
      - authenticationClass: zookeeper-tls-authentication-class (with provider tls) # String
    tls:
      serverSecretClass: tls
      quorumSecretClass: tls
    logging:
      vectorAggregatorConfigMapName: vector-aggregator-discovery
  servers:
....
```

fixes #596

test: https://ci.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/zookeeper-operator-it-custom/33/



Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
Co-authored-by: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
3 people committed Dec 21, 2022
1 parent 6851464 commit 3418118
Showing 28 changed files with 903 additions and 610 deletions.
10 changes: 4 additions & 6 deletions CHANGELOG.md
Expand Up @@ -4,12 +4,6 @@ All notable changes to this project will be documented in this file.

## [Unreleased]

### Changed

- Fixed the RoleGroup `selector`. It was not used before. ([#611])

[#611]: https://github.com/stackabletech/zookeeper-operator/pull/611

### Added

- Log aggregation added ([#588]).
Expand All @@ -23,12 +17,16 @@ All notable changes to this project will be documented in this file.
- Operator-rs: 0.25.3 -> 0.27.1 ([#591]).
- Fixed bug where ZNode ConfigMaps were not created due to labeling issues ([#592]).
- Don't run init container as root and avoid chmod and chowning ([#603]).
- Fixed the RoleGroup `selector`. It was not used before. ([#611]).
- [BREAKING] Moved `spec.authentication`, `spec.tls` and `spec.logging` to `spec.clusterConfig`. Consolidated sub field names like `tls.client.secretClass` to `tls.serverSecretClass` ([#612]).

[#586]: https://github.com/stackabletech/zookeeper-operator/pull/586
[#591]: https://github.com/stackabletech/zookeeper-operator/pull/591
[#592]: https://github.com/stackabletech/zookeeper-operator/pull/592
[#599]: https://github.com/stackabletech/zookeeper-operator/pull/599
[#603]: https://github.com/stackabletech/zookeeper-operator/pull/603
[#611]: https://github.com/stackabletech/zookeeper-operator/pull/611
[#612]: https://github.com/stackabletech/zookeeper-operator/pull/612

## [0.12.0] - 2022-11-07
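Review bot: The [BREAKING] entry for #612 does not give the old-to-new field mapping a user needs to migrate, and the paths it names do not line up with the CRD changes in this commit. The CRD hunks list `config`, `tls.secretClass`, `quorumTlsSecretClass`, `clientAuthentication.authenticationClass` and a top-level `vectorAggregatorConfigMapName` alongside their replacements `clusterConfig`, `tls.serverSecretClass`, `tls.quorumSecretClass`, the `authentication` list and `logging.vectorAggregatorConfigMapName`, while the entry mentions `spec.authentication`, `spec.tls`, `spec.logging` and `tls.client.secretClass`. Suggest listing each renamed path explicitly, since a manifest that keeps the old TLS or authentication keys would no longer express the settings its author intended.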

64 changes: 41 additions & 23 deletions deploy/crd/zookeepercluster.crd.yaml
Expand Up @@ -23,35 +23,56 @@ spec:
spec:
description: A cluster of ZooKeeper nodes
properties:
config:
clusterConfig:
default:
authentication: []
tls:
secretClass: tls
quorumTlsSecretClass: tls
quorumSecretClass: tls
serverSecretClass: tls
description: Global ZooKeeper cluster configuration that applies to all roles and role groups.
properties:
clientAuthentication:
description: 'Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs Defaults to `None`'
authentication:
default: []
description: Authentication class settings for ZooKeeper like mTLS authentication.
items:
properties:
authenticationClass:
description: |-
The AuthenticationClass <https://docs.stackable.tech/home/nightly/concepts/authenticationclass.html> to use.
## mTLS
Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs This will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`.
type: string
required:
- authenticationClass
type: object
type: array
logging:
description: Logging options for ZooKeeper.
nullable: true
properties:
authenticationClass:
vectorAggregatorConfigMapName:
description: Name of the Vector discovery ConfigMap. It must contain the key `ADDRESS` with the address of the Vector aggregator.
nullable: true
type: string
required:
- authenticationClass
type: object
quorumTlsSecretClass:
default: tls
description: 'Only affects quorum communication. Use mutual verification between Zookeeper Nodes (mandatory). This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server'
type: string
tls:
default:
secretClass: tls
description: 'Only affects client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `TlsSecretClass` { secret_class: "tls".to_string() }.'
quorumSecretClass: tls
serverSecretClass: tls
description: TLS encryption settings for ZooKeeper (server, quorum).
nullable: true
properties:
secretClass:
quorumSecretClass:
default: tls
description: 'The <https://docs.stackable.tech/secret-operator/stable/secretclass.html> to use for internal quorum communication. Use mutual verification between Zookeeper Nodes (mandatory). This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server Defaults to `tls`'
type: string
serverSecretClass:
default: tls
description: 'The <https://docs.stackable.tech/secret-operator/stable/secretclass.html> to use for client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `tls`.'
nullable: true
type: string
required:
- secretClass
type: object
type: object
image:
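Review bot: In the `serverSecretClass` property, the description says the field controls "If TLS encryption is used at all" and the schema marks it `nullable: true` with `default: tls`, but nothing states which value turns client TLS off. This is the one setting in the hunk that can leave client connections unencrypted, so spell it out, for example that an explicit null disables server TLS while omitting the field keeps the `tls` default, if that is the intended behaviour. Separately, both SecretClass descriptions open with "The <URL> to use" and are missing the noun that the `authenticationClass` description has ("The AuthenticationClass <URL> to use").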
Expand All @@ -62,7 +83,7 @@ spec:
- required:
- productVersion
- stackableVersion
description: Desired ZooKeeper version
description: Desired ZooKeeper image to use.
properties:
custom:
description: Overwrite the docker image. Specify the full docker image name, e.g. `docker.stackable.tech/stackable/superset:1.4.1-stackable2.1.0`
Expand Down Expand Up @@ -98,6 +119,7 @@ spec:
type: string
type: object
servers:
description: ZooKeeper server configuration.
nullable: true
properties:
cliOverrides:
Expand Down Expand Up @@ -791,13 +813,9 @@ spec:
- roleGroups
type: object
stopped:
description: Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would)
description: Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would).
nullable: true
type: boolean
vectorAggregatorConfigMapName:
description: Name of the Vector discovery ConfigMap. It must contain the key `ADDRESS` with the address of the Vector aggregator.
nullable: true
type: string
required:
- image
type: object
64 changes: 41 additions & 23 deletions deploy/helm/zookeeper-operator/crds/crds.yaml
Expand Up @@ -25,35 +25,56 @@ spec:
spec:
description: A cluster of ZooKeeper nodes
properties:
config:
clusterConfig:
default:
authentication: []
tls:
secretClass: tls
quorumTlsSecretClass: tls
quorumSecretClass: tls
serverSecretClass: tls
description: Global ZooKeeper cluster configuration that applies to all roles and role groups.
properties:
clientAuthentication:
description: 'Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs Defaults to `None`'
authentication:
default: []
description: Authentication class settings for ZooKeeper like mTLS authentication.
items:
properties:
authenticationClass:
description: |-
The AuthenticationClass <https://docs.stackable.tech/home/nightly/concepts/authenticationclass.html> to use.
## mTLS
Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs This will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`.
type: string
required:
- authenticationClass
type: object
type: array
logging:
description: Logging options for ZooKeeper.
nullable: true
properties:
authenticationClass:
vectorAggregatorConfigMapName:
description: Name of the Vector discovery ConfigMap. It must contain the key `ADDRESS` with the address of the Vector aggregator.
nullable: true
type: string
required:
- authenticationClass
type: object
quorumTlsSecretClass:
default: tls
description: 'Only affects quorum communication. Use mutual verification between Zookeeper Nodes (mandatory). This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server'
type: string
tls:
default:
secretClass: tls
description: 'Only affects client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `TlsSecretClass` { secret_class: "tls".to_string() }.'
quorumSecretClass: tls
serverSecretClass: tls
description: TLS encryption settings for ZooKeeper (server, quorum).
nullable: true
properties:
secretClass:
quorumSecretClass:
default: tls
description: 'The <https://docs.stackable.tech/secret-operator/stable/secretclass.html> to use for internal quorum communication. Use mutual verification between Zookeeper Nodes (mandatory). This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server Defaults to `tls`'
type: string
serverSecretClass:
default: tls
description: 'The <https://docs.stackable.tech/secret-operator/stable/secretclass.html> to use for client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `tls`.'
nullable: true
type: string
required:
- secretClass
type: object
type: object
image:
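Review bot: `authentication` is now a list (`type: array`, `default: []`), but the `authenticationClass` description still reads as if there is a single class and does not say what happens when more than one item is given. Because the description states that the class "will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`", document whether multiple entries are rejected or which one takes effect, and consider a `maxItems` constraint if only one is supported. The same text appears in deploy/crd/zookeepercluster.crd.yaml.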
Expand All @@ -64,7 +85,7 @@ spec:
- required:
- productVersion
- stackableVersion
description: Desired ZooKeeper version
description: Desired ZooKeeper image to use.
properties:
custom:
description: Overwrite the docker image. Specify the full docker image name, e.g. `docker.stackable.tech/stackable/superset:1.4.1-stackable2.1.0`
Expand Down Expand Up @@ -100,6 +121,7 @@ spec:
type: string
type: object
servers:
description: ZooKeeper server configuration.
nullable: true
properties:
cliOverrides:
Expand Down Expand Up @@ -793,13 +815,9 @@ spec:
- roleGroups
type: object
stopped:
description: Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would)
description: Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would).
nullable: true
type: boolean
vectorAggregatorConfigMapName:
description: Name of the Vector discovery ConfigMap. It must contain the key `ADDRESS` with the address of the Vector aggregator.
nullable: true
type: string
required:
- image
type: object