k8s: Provide an option to disable cert-manager installation
This change introduces an option to disable the operator built-in cert-manager installer because it may not be desirable in some cases. Additionally, we provide a toggle in the helm chart so that we can use the helm chart to generate the included templates. Change-Id: I45e6041013637c3816de315e5c5a4bf9ff28f7ee
This commit is contained in:
parent
6f65fa2eaf
commit
5d078f238f
|
@ -39,11 +39,15 @@ spec:
|
|||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if not ( index .Values "pxc-operator" "operatorManaged" ) }}
|
||||
env:
|
||||
{{- if not ( index .Values "cert-manager" "operatorManaged" ) }}
|
||||
- name: ZUUL_INSTALL_CERT_MANAGER
|
||||
value: "0"
|
||||
{{- end }}
|
||||
{{- if not ( index .Values "pxc-operator" "operatorManaged" ) }}
|
||||
- name: ZUUL_INSTALL_PXC
|
||||
value: "0"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
|
|
|
@ -52,6 +52,9 @@ affinity: {}
|
|||
|
||||
cert-manager:
|
||||
enabled: false
|
||||
|
||||
# cert manager should be managed by the operator
|
||||
operatorManaged: false
|
||||
|
||||
serviceAccount:
|
||||
name: "cert-manager"
|
||||
|
|
|
@ -60,6 +60,8 @@ def memoize_secrets(memo, logger):
|
|||
def startup(memo, logger, **kwargs):
|
||||
logger.info("Loading operator config")
|
||||
memo.operator_config = {
|
||||
'install_cert_manager': distutils.util.strtobool(
|
||||
os.environ.get('ZUUL_INSTALL_CERT_MANAGER', '1')),
|
||||
'install_pxc': distutils.util.strtobool(
|
||||
os.environ.get('ZUUL_INSTALL_PXC', '1')),
|
||||
}
|
||||
|
@ -119,7 +121,8 @@ def create_fn(spec, name, namespace, logger, memo, **kwargs):
|
|||
zuul.install_db(install_pxc=memo.operator_config['install_pxc'])
|
||||
|
||||
# Request the CA cert before installing ZK
|
||||
zuul.create_cert_manager_ca()
|
||||
zuul.create_cert_manager_ca(
|
||||
install_cert_manager=memo.operator_config['install_cert_manager'])
|
||||
|
||||
# Now we can install ZK
|
||||
zuul.install_zk()
|
||||
|
@ -156,7 +159,8 @@ def update_fn(name, namespace, logger, old, new, memo, **kwargs):
|
|||
logger.info("ZooKeeper changed")
|
||||
conf_changed = True
|
||||
# redo zk
|
||||
zuul.create_cert_manager_ca()
|
||||
zuul.create_cert_manager_ca(
|
||||
install_cert_manager=memo.operator_config['install_cert_manager'])
|
||||
|
||||
# Now we can install ZK
|
||||
zuul.install_zk()
|
||||
|
|
|
@ -110,8 +110,10 @@ class Zuul:
|
|||
self.cert_manager = certmanager.CertManager(
|
||||
self.api, self.namespace, self.log)
|
||||
|
||||
def create_cert_manager_ca(self):
|
||||
self.cert_manager.maybe_install()
|
||||
def create_cert_manager_ca(self, install_cert_manager=True):
|
||||
if install_cert_manager:
|
||||
self.cert_manager.maybe_install()
|
||||
|
||||
self.cert_manager.create_ca(instance_name=self.name)
|
||||
|
||||
def install_zk(self):
|
||||
|
|
Loading…
Reference in New Issue