Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store Kafka node certificates in separate Secrets #10967

Merged
merged 7 commits into from
Jan 15, 2025
Merged

Store Kafka node certificates in separate Secrets #10967

merged 7 commits into from
Jan 15, 2025

Conversation

katheris
Copy link
Contributor

Type of change

Select the type of your PR

  • Enhancement / new feature

Description

Store Kafka node certificates in separate Secrets rather than in a single shared Secret.

This addresses issue #7687

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • Write tests
  • Make sure all tests pass
  • Update documentation
  • Check RBAC rights for Kubernetes / OpenShift roles
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • Reference relevant issue(s) and close them after merging
  • Update CHANGELOG.md
  • Supply screenshots for visual changes, such as Grafana dashboards

@katheris katheris force-pushed the certSecretPerBroker branch from 9bce375 to 478869b Compare January 6, 2025 10:25
@katheris katheris marked this pull request as ready for review January 6, 2025 17:04
@katheris katheris added this to the 0.46.0 milestone Jan 6, 2025
@katheris katheris requested review from scholzj and ppatierno January 6, 2025 17:06
@scholzj scholzj linked an issue Jan 6, 2025 that may be closed by this pull request
Use per-broker secrets with StrimziPodSets #7687
Closed
@scholzj
Copy link
Member

scholzj commented Jan 6, 2025

/azp run regression

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@scholzj
Copy link
Member

scholzj commented Jan 6, 2025

/azp run upgrade

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@scholzj
Copy link
Member

scholzj commented Jan 7, 2025

There seems to be quite a lot of test failures. I don't think they necessarily indicate issues with the production code. But it looks like you would need to do some updates to the STs (or sync with @strimzi/system-test-contributors to have them done here).

@ppatierno
Copy link
Member

The implementation looks good to me but I will have another pass when STs are green. Thanks!

@katheris
Copy link
Contributor Author

katheris commented Jan 8, 2025

/azp run regression

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@katheris
Copy link
Contributor Author

katheris commented Jan 9, 2025

/azp run regression

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@katheris
Copy link
Contributor Author

katheris commented Jan 9, 2025

/azp run upgrade

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@katheris
Copy link
Contributor Author

katheris commented Jan 9, 2025

@scholzj @ppatierno the regression and upgrade tests are now passing

scholzj
scholzj reviewed Jan 9, 2025
View reviewed changes
systemtest/src/test/java/io/strimzi/systemtest/security/custom/CustomCaST.java Show resolved Hide resolved
documentation/modules/security/ref-certificates-and-secrets.adoc Outdated Show resolved Hide resolved
documentation/modules/configuring/ref-list-of-kafka-cluster-resources.adoc Outdated Show resolved Hide resolved
documentation/modules/security/ref-certificates-and-secrets.adoc Outdated Show resolved Hide resolved
...t/java/io/strimzi/operator/cluster/operator/assembly/KafkaAssemblyOperatorKRaftMockTest.java Show resolved Hide resolved
...r-operator/src/test/java/io/strimzi/operator/cluster/operator/assembly/CaReconcilerTest.java Outdated Show resolved Hide resolved
...er-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/KafkaReconciler.java Show resolved Hide resolved
cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaCluster.java Show resolved Hide resolved
@katheris katheris mentioned this pull request Jan 13, 2025
Open
@katheris
Copy link
Contributor Author

/azp run regression

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@katheris
Copy link
Contributor Author

/azp run upgrade

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@katheris
Store Kafka node certificates in separate Secrets
4d785b0 
Signed-off-by: Katherine Stanley <[email protected]>
@katheris
Update CHANGELOG.md and docs
03a5a29 
Signed-off-by: Katherine Stanley <[email protected]>
@katheris
Update system tests
33656c2 
Signed-off-by: Katherine Stanley <[email protected]>
@katheris katheris force-pushed the certSecretPerBroker branch from 65aadd4 to e905a54 Compare January 13, 2025 14:11
@katheris
Remove unused import
314a813 
Signed-off-by: Katherine Stanley <[email protected]>
@katheris
Copy link
Contributor Author

/azp run regression

@katheris
Copy link
Contributor Author

/azp run upgrade

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

1 similar comment
@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

scholzj
scholzj approved these changes Jan 13, 2025
View reviewed changes
Copy link
Member

@scholzj scholzj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks.

tinaselenge
tinaselenge approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@tinaselenge tinaselenge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @katheris. LGTM

@scholzj
Copy link
Member

scholzj commented Jan 14, 2025

@katheris Should we merge it? Or do you want to wait for @ppatierno?

@ppatierno
Copy link
Member

@katheris please wait it's on my to-do list for tomorrow morning. Thanks!

ppatierno
ppatierno approved these changes Jan 15, 2025
View reviewed changes
Copy link
Member

@ppatierno ppatierno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I left just one nit. Thanks!

...er-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/KafkaReconciler.java Outdated Show resolved Hide resolved
@katheris
Address ppatierno review comments
efa1c6d 
Signed-off-by: Katherine Stanley <[email protected]>
@katheris
Copy link
Contributor Author

@ppatierno @scholzj @tinaselenge FYI I pushed one last change to make the COMPONENT_TYPE variable in KafkaCluster public as Paolo suggested, are you happy for this to be merged?

@scholzj
Copy link
Member

scholzj commented Jan 15, 2025

@katheris You can merge this, yes.

@katheris katheris merged commit 58f31ba into strimzi:main Jan 15, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scholzj scholzj scholzj approved these changes

@tinaselenge tinaselenge tinaselenge approved these changes

@ppatierno ppatierno ppatierno approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Roadmap
Status: 0.46.0 (Work In Progress)
Milestone
0.46.0
Development

Successfully merging this pull request may close these issues.

Use per-broker secrets with StrimziPodSets
4 participants
@katheris @scholzj @ppatierno @tinaselenge