From 3d751182b3aa826c4a4d6fcf12c9dfc514b799ad Mon Sep 17 00:00:00 2001 From: udnay Date: Wed, 6 Nov 2024 11:32:31 -0500 Subject: [PATCH 1/4] Swap kind for k3d --- Makefile | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 34969c27..63bef87e 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ UNAME_S := $(shell uname -s) ifeq ($(UNAME_S),Linux) COCKROACH_BIN ?= https://binaries.cockroachdb.com/cockroach-v23.2.0.linux-amd64.tgz HELM_BIN ?= https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz - KIND_BIN ?= https://kind.sigs.k8s.io/dl/v0.21.0/kind-linux-amd64 + K3D_BIN ?= https://github.com/k3d-io/k3d/releases/download/v5.7.4/k3d-linux-amd64 KUBECTL_BIN ?= https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kubectl YQ_BIN ?= https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_linux_amd64 JQ_BIN ?= https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 @@ -12,7 +12,7 @@ endif ifeq ($(UNAME_S),Darwin) COCKROACH_BIN ?= https://binaries.cockroachdb.com/cockroach-v23.2.0.darwin-10.9-amd64.tgz HELM_BIN ?= https://get.helm.sh/helm-v3.14.0-darwin-amd64.tar.gz - KIND_BIN ?= https://kind.sigs.k8s.io/dl/v0.21.0/kind-darwin-amd64 + K3D_BIN ?= https://github.com/k3d-io/k3d/releases/download/v5.7.4/k3d-darwin-arm64 KUBECTL_BIN ?= https://dl.k8s.io/release/v1.29.1/bin/darwin/amd64/kubectl YQ_BIN ?= https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_darwin_amd64 JQ_BIN ?= https://github.com/stedolan/jq/releases/download/jq-1.6/jq-osx-amd64 @@ -20,7 +20,7 @@ ifeq ($(UNAME_S),Darwin) OPM_BIN ?= darwin-amd64-opm endif -KIND_CLUSTER ?= chart-testing +K3D_CLUSTER ?= chart-testing REPOSITORY ?= gcr.io/cockroachlabs-helm-charts/cockroach-self-signer-cert export BUNDLE_IMAGE ?= cockroach-operator-bundle 
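Review bot: In the Darwin block, `K3D_BIN` points at `k3d-darwin-arm64` while every neighbouring tool in that block (cockroach, helm, kubectl, yq, jq) is the amd64 build, so on an Intel Mac `bin/k3d` will not execute. Either keep the architecture consistent with the rest of the block, `K3D_BIN ?= https://github.com/k3d-io/k3d/releases/download/v5.7.4/k3d-darwin-amd64`, or derive the suffix from `uname -m` for all of the tools. The Linux hunk has no such mismatch.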
@@ -73,26 +73,31 @@ dev/clean: ## remove built artifacts @rm -r build/artifacts/ ##@ Test +test/cluster: bin/k3d test/cluster_up ## start a local k3d cluster for testing -test/cluster: bin/kind ## start a local kind cluster for testing - @bin/kind get clusters -q | grep $(KIND_CLUSTER) || bin/kind create cluster --name $(KIND_CLUSTER) +test/cluster_up: bin/k3d + @bin/k3d cluster list | grep $(K3D_CLUSTER) || bin/k3d cluster create $(K3D_CLUSTER) + +test/cluster_down: bin/k3d + bin/k3d cluster delete $(K3D_CLUSTER) test/e2e/%: PKG=$* -test/e2e/%: bin/cockroach bin/kubectl bin/helm build/self-signer test/publish-images-to-kind ## run e2e tests for package (e.g. install or rotate) +test/e2e/%: bin/cockroach bin/kubectl bin/helm build/self-signer test/publish-images-to-k3d ## run e2e tests for package (e.g. install or rotate) @PATH="$(PWD)/bin:${PATH}" go test -timeout 30m -v ./tests/e2e/$(PKG)/... test/lint: bin/helm ## lint the helm chart @build/lint.sh && bin/helm lint cockroachdb IMAGE_LIST = cockroachdb/cockroach:v23.2.0 quay.io/jetstack/cert-manager-cainjector:v1.11.0 quay.io/jetstack/cert-manager-webhook:v1.11.0 quay.io/jetstack/cert-manager-controller:v1.11.0 quay.io/jetstack/cert-manager-ctl:v1.11.0 -test/publish-images-to-kind: bin/yq test/cluster ## publish signer and cockroach image to local kind registry +test/publish-images-to-k3d: bin/yq test/cluster ## publish signer and cockroach image to local k3d registry for i in $(IMAGE_LIST); do \ docker pull $$i; \ - bin/kind load docker-image $$i --name $(KIND_CLUSTER); \ + bin/k3d image import $$i -c $(K3D_CLUSTER); \ done - @bin/kind load docker-image \ + docker pull ${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml); \ + bin/k3d image import \ ${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) \ - --name $(KIND_CLUSTER) + -c $(K3D_CLUSTER) test/template: bin/cockroach bin/helm ## Run template tests @PATH="$(PWD)/bin:${PATH}" go test -v 
./tests/template/... @@ -101,7 +106,7 @@ test/units: bin/cockroach ## Run unit tests in ./pkg/... @PATH="$(PWD)/bin:${PATH}" go test -v ./pkg/... ##@ Binaries -bin: bin/cockroach bin/helm bin/kind bin/kubectl bin/yq ## install all binaries +bin: bin/cockroach bin/helm bin/k3d bin/kubectl bin/yq ## install all binaries bin/cockroach: ## install cockroach @mkdir -p bin @@ -113,10 +118,10 @@ bin/helm: ## install helm @curl -L $(HELM_BIN) | tar -xzf - -C bin/ --strip-components 1 @rm -f bin/README.md bin/LICENSE -bin/kind: ## install kind +bin/k3d: ## install k3d @mkdir -p bin - @curl -Lo bin/kind $(KIND_BIN) - @chmod +x bin/kind + @curl -Lo bin/k3d $(K3D_BIN) + @chmod +x bin/k3d bin/kubectl: ## install kubectl @mkdir -p bin From 3374a7aa4de3e1e4670905a229a90f34823662f5 Mon Sep 17 00:00:00 2001 From: udnay Date: Wed, 6 Nov 2024 13:15:01 -0500 Subject: [PATCH 2/4] Add configmap for operator --- cmd/self-signer/generate.go | 3 ++ cockroachdb/values.yaml | 4 ++ pkg/generator/generate_cert.go | 22 +++++++++ pkg/resource/config_map.go | 82 +++++++++++++++++++++++++++++++++ pkg/resource/config_map_test.go | 31 +++++++++++++ 5 files changed, 142 insertions(+) create mode 100644 pkg/resource/config_map.go create mode 100644 pkg/resource/config_map_test.go diff --git a/cmd/self-signer/generate.go b/cmd/self-signer/generate.go index a094feb7..13aecd76 100644 --- a/cmd/self-signer/generate.go +++ b/cmd/self-signer/generate.go @@ -37,10 +37,12 @@ var ( caExpiry, nodeExpiry, clientExpiry string caSecret string clientOnly bool + operatorManaged bool ) func init() { generateCmd.Flags().BoolVar(&clientOnly, "client-only", false, "generate certificates for custom user") + generateCmd.Flags().BoolVar(&operatorManaged, "operator-managed", false, "generate certificates for operator managed cluster") rootCmd.AddCommand(generateCmd) } 
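Review bot: In `test/publish-images-to-k3d`, the added `docker pull ${REPOSITORY}:<tag>; \` runs after the `build/self-signer` prerequisite of `test/e2e/%` has tagged a locally built image with the same name, so a successful pull would presumably replace the local build and the e2e run would exercise whatever the registry serves instead of the working tree. Because the pull and the import are joined with `;`, a failed pull is ignored and the import proceeds silently. Import the local build without pulling, or at least join the two commands with `&&`. Separately, `grep $(K3D_CLUSTER)` in `test/cluster_up` is an unanchored substring match, so an existing `chart-testing-2` satisfies the check for `chart-testing`; `grep -q "^$(K3D_CLUSTER) "` is stricter. This hunk starts on the previous physical line of the patch.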
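Review bot: The `bin/k3d` recipe makes whatever `curl -Lo bin/k3d $(K3D_BIN)` returns executable without checking it. There is no `-f`, so an HTTP error page is saved as `bin/k3d`, and since the target file then exists make will not fetch it again; there is also no digest check on a binary that later drives the test cluster. Use `@curl -fsSLo bin/k3d $(K3D_BIN)` and verify a pinned digest before the `chmod`, e.g. `@echo "$(K3D_SHA256)  bin/k3d" | shasum -a 256 -c -`, where `K3D_SHA256` is a variable proposed here (not one the Makefile defines) set next to `K3D_BIN` for each platform. The other `bin/*` download recipes, whose bodies are outside this hunk, likely deserve the same treatment.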
@@ -52,6 +54,7 @@ func generate(cmd *cobra.Command, args []string) { } genCert.CaSecret = caSecret + genCert.OperatorManaged = operatorManaged namespace, exists := os.LookupEnv("NAMESPACE") if !exists { diff --git a/cockroachdb/values.yaml b/cockroachdb/values.yaml index 137f8f22..4967bc1c 100644 --- a/cockroachdb/values.yaml +++ b/cockroachdb/values.yaml @@ -649,3 +649,7 @@ iap: # Create Google Cloud OAuth credentials and set client id and secret # clientId: # clientSecret: + +# Use the CRDB Operator to manage the CRDB clusters +operator: + enabled: true \ No newline at end of file diff --git a/pkg/generator/generate_cert.go b/pkg/generator/generate_cert.go index 5aeb6bee..66b656d1 100644 --- a/pkg/generator/generate_cert.go +++ b/pkg/generator/generate_cert.go @@ -68,6 +68,7 @@ type GenerateCert struct { ClusterDomain string ReadinessWait time.Duration PodUpdateTimeout time.Duration + OperatorManaged bool } type certConfig struct { @@ -240,6 +241,17 @@ func (rc *GenerateCert) generateCA(ctx context.Context, CASecretName string, nam return errors.Wrap(err, "failed to update ca key secret ") } + // If we are using the operator to manage secrets then we need to store the CA cert in a + // ConfigMap. + if rc.OperatorManaged { + cm := resource.CreateConfigMap(namespace, CASecretName, caCert, + resource.NewKubeResource(ctx, rc.client, namespace, kube.DefaultPersister)) + if err = cm.Update(); err != nil { + return errors.Wrap(err, "failed to update CA cert in ConfigMap") + } + logrus.Infof("Generated and saved CA certificate in ConfigMap [%s]", CASecretName) + } + logrus.Infof("Generated and saved CA key and certificate in secret [%s]", CASecretName) return nil } 
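Review bot: The success message in the new `rc.OperatorManaged` branch of `generateCA` logs `CASecretName` as the ConfigMap name, but `CreateConfigMap` in `pkg/resource/config_map.go` names the object `<secretName>-crt`, so the log points at a ConfigMap that does not exist; use `logrus.Infof("Generated and saved CA certificate in ConfigMap [%s]", cm.Name())`. The ConfigMap is written only after the CA secret has already been updated, so a failure in `cm.Update()` leaves the secret holding a new CA while the ConfigMap publishes the old one or none; whether a rerun repairs that depends on code outside the hunk and is worth a comment. If a user-supplied CA bypasses `generateCA`, the ConfigMap would presumably never be created in operator mode. `generateCA` starts and ends outside this hunk.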
@@ -307,6 +319,16 @@ func (rc *GenerateCert) generateNodeCert(ctx context.Context, nodeSecretName str fmt.Sprintf("*.%s.%s.svc.%s", rc.DiscoveryServiceName, namespace, rc.ClusterDomain), } + if rc.OperatorManaged { + operatorJoinServiceHosts := []string{ + fmt.Sprintf("%s-join", rc.DiscoveryServiceName), + fmt.Sprintf("%s-join.%s", rc.DiscoveryServiceName, namespace), + fmt.Sprintf("%s-join.%s.svc.%s", rc.DiscoveryServiceName, namespace, rc.ClusterDomain), + } + + hosts = append(hosts, operatorJoinServiceHosts...) + } + // create the Node Pair certificates if err = errors.Wrap( security.CreateNodePair( diff --git a/pkg/resource/config_map.go b/pkg/resource/config_map.go new file mode 100644 index 00000000..619c8c00 --- /dev/null +++ b/pkg/resource/config_map.go 
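Review bot: The `-join` SAN list added to `generateNodeCert` goes from `%s-join.%s` straight to `%s-join.%s.svc.%s` and has no `<name>-join.<namespace>.svc` entry; if the operator or a client dials the join service by that form, hostname verification against the node certificate will fail. Add `fmt.Sprintf("%s-join.%s.svc", rc.DiscoveryServiceName, namespace),` unless that form is deliberately excluded; the existing `hosts` list is mostly outside the hunk, so check it for the same pattern. The hard-coded `-join` suffix also needs a one-line comment naming the operator Service it corresponds to, since nothing in this file explains where it comes from. The function body continues outside the hunk.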
@@ -0,0 +1,82 @@ +/* +Copyright 2021 The Cockroach Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package resource + +import ( + "fmt" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type ConfigMap struct { + Resource + + configMap *corev1.ConfigMap +} + +// CreateConfigMap creates a ConfigMap in the specified namespace +func CreateConfigMap(namespace string, secretName string, data []byte, r Resource) *ConfigMap { + // Define the ConfigMap object + configMap := &ConfigMap{ + Resource: r, + configMap: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-crt", secretName), + }, + Data: map[string]string{ + "ca.crt": string(data), + }, + }, + } + return configMap +} + +func (c *ConfigMap) Update() error { + data := c.configMap.Data + _, err := c.Persist(c.configMap, func() error { + c.configMap.Data = data + return nil + }) + + return err +} + +func LoadConfigMap(name string, r Resource) (*ConfigMap, error) { + c := &ConfigMap{ + Resource: r, + configMap: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + }, + } + + if err := r.Fetch(c.configMap); err != nil { + return nil, err + } + + return c, nil +} + +func (c *ConfigMap) GetConfigMap() *corev1.ConfigMap { + return c.configMap +} + +func (c *ConfigMap) Name() string { + return c.configMap.Name +} diff --git a/pkg/resource/config_map_test.go b/pkg/resource/config_map_test.go new file mode 100644 index 00000000..938b451e --- /dev/null 
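Review bot: `CreateConfigMap` accepts `namespace` but never uses it: the `ObjectMeta` sets only `Name`, so the namespace the object lands in is whatever the embedded `Resource` decides, and a caller passing a different namespace gets no error. Either set `Namespace: namespace,` in the `ObjectMeta` or drop the parameter. The exported `ConfigMap`, `Update`, `LoadConfigMap`, `GetConfigMap` and `Name` have no doc comments, and the comment on `CreateConfigMap` says it creates a ConfigMap when it only builds the in-memory object; `// CreateConfigMap builds an in-memory ConfigMap named "<secretName>-crt" holding data under "ca.crt"; call Update to persist it.` would be accurate. Because ConfigMaps are not access-controlled like Secrets, the doc comment should also state that `data` must be a certificate and never key material.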
+++ b/pkg/resource/config_map_test.go @@ -0,0 +1,31 @@ +package resource_test + +import ( + "context" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/cockroachdb/helm-charts/pkg/kube" + "github.com/cockroachdb/helm-charts/pkg/resource" + "github.com/cockroachdb/helm-charts/pkg/testutils" +) + +func TestUpdateConfigMap(t *testing.T) { + scheme := testutils.InitScheme(t) + fakeClient := testutils.NewFakeClient(scheme) + namespace := "default" + name := "test-configmap" + + r := resource.NewKubeResource(context.TODO(), fakeClient, namespace, kube.DefaultPersister) + cm := resource.CreateConfigMap(namespace, name, []byte{}, r) + + err := cm.Update() + require.NoError(t, err) + + // fetch the configmap + cm, err = resource.LoadConfigMap(cm.Name(), r) + require.NoError(t, err) + + require.Equal(t, "test-configmap-crt", cm.GetConfigMap().Name) +} From 91fb162366928a9e3e02944aac4fe7272070dc50 Mon Sep 17 00:00:00 2001 From: udnay Date: Wed, 6 Nov 2024 14:22:35 -0500 Subject: [PATCH 3/4] Setup local registry for faster iteration on self-signer dev --- Makefile | 33 +++++++++++++++--- tests/k3d/dev-cluster.sh | 52 ++++++++++++++++++++++++++++ tests/k3d/docker-compose.yaml | 65 +++++++++++++++++++++++++++++++++++ tests/k3d/registries.sh | 32 +++++++++++++++++ tests/k3d/registries.yaml | 16 +++++++++ 5 files changed, 193 insertions(+), 5 deletions(-) create mode 100755 tests/k3d/dev-cluster.sh create mode 100644 tests/k3d/docker-compose.yaml create mode 100755 tests/k3d/registries.sh create mode 100644 tests/k3d/registries.yaml diff --git a/Makefile b/Makefile index 63bef87e..f4cd461f 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ UNAME_S := $(shell uname -s) +NC := $(shell tput sgr0) # No Color ifeq ($(UNAME_S),Linux) COCKROACH_BIN ?= https://binaries.cockroachdb.com/cockroach-v23.2.0.linux-amd64.tgz HELM_BIN ?= https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz 
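Review bot: `TestUpdateConfigMap` stores an empty payload and asserts only the object name, so it would still pass if `Update` dropped or mangled the `ca.crt` entry. Pass a non-empty value and check the round trip, e.g. `cm := resource.CreateConfigMap(namespace, name, []byte("test-ca"), r)` followed by `require.Equal(t, "test-ca", cm.GetConfigMap().Data["ca.crt"])` after `LoadConfigMap`. The new test file also lacks the license header that `config_map.go` carries.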
@@ -21,7 +22,10 @@ ifeq ($(UNAME_S),Darwin) endif K3D_CLUSTER ?= chart-testing -REPOSITORY ?= gcr.io/cockroachlabs-helm-charts/cockroach-self-signer-cert +REGISTRY ?= gcr.io +REPOSITORY ?= cockroachlabs-helm-charts/cockroach-self-signer-cert +DOCKER_NETWORK_NAME ?= ${K3D_CLUSTER} +LOCAL_REGISTRY ?= "localhost:5000" export BUNDLE_IMAGE ?= cockroach-operator-bundle export HELM_OPERATOR_IMAGE ?= cockroach-helm-operator @@ -56,7 +60,7 @@ build/chart: bin/helm ## build the helm chart to build/artifacts build/self-signer: bin/yq ## build the self-signer image @docker build --platform=linux/amd64 -f build/docker-image/self-signer-cert-utility/Dockerfile \ --build-arg COCKROACH_VERSION=$(shell bin/yq '.appVersion' ./cockroachdb/Chart.yaml) \ - -t ${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) . + -t ${REGISTRY}/${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) . ##@ Release 
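Review bot: `DOCKER_NETWORK_NAME ?= ${K3D_CLUSTER}` resolves to `chart-testing`, but `tests/k3d/dev-cluster.sh` in this same patch hard-codes `NETWORK_NAME=k3d-local`, so registries started through `make dev/registries/up` and a cluster started through the script end up on different Docker networks and the mirror hostnames in `registries.yaml` would not resolve from the nodes. Pick one default for both. Splitting `REPOSITORY` also changes its meaning: anyone who overrides `REPOSITORY` with a full image path now gets `gcr.io/` prepended, which deserves a comment above the variables. `LOCAL_REGISTRY ?= "localhost:5000"` stores the quotes in the value and works only because the shell strips them later; `LOCAL_REGISTRY ?= localhost:5000` is safer.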
@@ -66,12 +70,31 @@ release: ## publish the build artifacts to S3 build-and-push/self-signer: bin/yq ## push the self-signer image @docker buildx build --platform=linux/amd64,linux/arm64 -f build/docker-image/self-signer-cert-utility/Dockerfile \ --build-arg COCKROACH_VERSION=$(shell bin/yq '.appVersion' ./cockroachdb/Chart.yaml) --push \ - -t ${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) . + -t ${REGISTRY}/${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) . ##@ Dev dev/clean: ## remove built artifacts @rm -r build/artifacts/ +## Setup/teardown registries for easier local dev +dev/registries/up: bin/k3d + @if [ "`docker ps -f name=registry.localhost -q`" = "" ]; then \ + echo "$(CYAN)Starting local Docker registry (for fast offline image push/pull)...$(NC)"; \ + cd ../../bin/k3d; ./tests/k3d/registries.sh up $(DOCKER_NETWORK_NAME); \ + fi + +dev/registries/down: bin/k3d + @if [ "`docker ps -f name=registry.localhost -q`" != "" ]; then \ + echo "$(CYAN)Stopping local Docker registry (for fast offline image push/pull)...$(NC)"; \ + cd ../../bin/k3d; ./tests/k3d/registries.sh down $(DOCKER_NETWORK_NAME); \ + fi + +dev/push/local: dev/registries/up + @echo "$(CYAN)Pushing image to local registry...$(NC)" + @docker build --platform=linux/amd64 -f build/docker-image/self-signer-cert-utility/Dockerfile \ + --build-arg COCKROACH_VERSION=$(shell bin/yq '.appVersion' ./cockroachdb/Chart.yaml) --push \ + -t ${LOCAL_REGISTRY}/${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) . + ##@ Test test/cluster: bin/k3d test/cluster_up ## start a local k3d cluster for testing 
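Review bot: In `dev/registries/up` and `dev/registries/down`, `cd ../../bin/k3d;` targets the k3d binary (a file) through a path outside the repository, so the `cd` fails and, because it is joined with `;`, `./tests/k3d/registries.sh` then runs from the original directory by accident. Drop the `cd` and call `./tests/k3d/registries.sh up $(DOCKER_NETWORK_NAME)` directly. `$(CYAN)` is used in three `echo` lines but no patch visible here defines it (only `NC` is added). `dev/push/local` calls `bin/yq` without listing it as a prerequisite and passes `--push` to plain `docker build`, which depends on buildx being the default builder. The push goes to an unauthenticated plain-HTTP registry, which is acceptable only while that registry is reachable from the local machine alone, and `tests/k3d/docker-compose.yaml` publishes it as `5000:5000` on all host interfaces.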
@@ -94,9 +117,9 @@ test/publish-images-to-k3d: bin/yq test/cluster ## publish signer and cockroach docker pull $$i; \ bin/k3d image import $$i -c $(K3D_CLUSTER); \ done - docker pull ${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml); \ + docker pull ${REGISTRY}/${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml); \ bin/k3d image import \ - ${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) \ + ${REGISTRY}/${REPOSITORY}:$(shell bin/yq '.tls.selfSigner.image.tag' ./cockroachdb/values.yaml) \ -c $(K3D_CLUSTER) test/template: bin/cockroach bin/helm ## Run template tests diff --git a/tests/k3d/dev-cluster.sh b/tests/k3d/dev-cluster.sh new file mode 100755 index 00000000..7df349d5 --- /dev/null +++ b/tests/k3d/dev-cluster.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +CLUSTER_NAME=local + +NETWORK_NAME=k3d-local + +if [ $# -eq 0 ] + then + echo "No arguments supplied: " + echo " up: Start cluster." + echo " --nodes x: The cluster should have x nodes (default 1)" + echo " --version x: The version of Kubernetes (default 1.24.14)" + echo " down: Delete cluster." + + exit 1 +fi + +COMMAND="${1-}" +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +nodes=${environment:-1} +version=${version:-1.24.14} + +while [ $# -gt 0 ]; do + + if [[ $1 == *"--"* ]]; then + param="${1/--/}" + declare $param="$2" + # echo $1 $2 // Optional to see the parameter:value result + fi + + shift +done + +case $COMMAND in + up) + k3d cluster create ${CLUSTER_NAME} \ + --network ${NETWORK_NAME} \ + --registry-config "$SCRIPT_DIR/registries.yaml" \ + --image rancher/k3s:v${version}-k3s1 \ + --agents ${nodes} \ + --k3s-node-label "topology.kubernetes.io/region=us-east-1@agent:0" \ + --k3s-node-label "topology.kubernetes.io/region=us-east-1@server:0" + ;; + down) + k3d cluster delete ${CLUSTER_NAME} + ;; + *) + echo "Unknown command: $COMMAND" + exit 1; + ;; +esac 
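Review bot: The option loop in `dev-cluster.sh` runs `declare $param="$2"` for any argument containing `--`, so a caller can overwrite any shell variable (`CLUSTER_NAME`, `NETWORK_NAME`, `SCRIPT_DIR`, `PATH`), and the values then flow unquoted into the `k3d cluster create` command line. The default above the loop is also wrong: `nodes=${environment:-1}` reads `environment`, not `nodes`. Parsing only the two documented options with a `case` and quoting the expansions in the `up` branch fixes both. The script would also benefit from the `set -euo pipefail` that `registries.sh` already has.

```shell
nodes=${nodes:-1}
version=${version:-1.24.14}

while [ $# -gt 0 ]; do
  case "$1" in
    --nodes)   nodes="${2:?--nodes needs a value}"; shift ;;
    --version) version="${2:?--version needs a value}"; shift ;;
  esac
  shift
done
# … unchanged: up/down dispatch on $COMMAND …
```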
diff --git a/tests/k3d/docker-compose.yaml b/tests/k3d/docker-compose.yaml new file mode 100644 index 00000000..e83283ae --- /dev/null +++ b/tests/k3d/docker-compose.yaml @@ -0,0 +1,65 @@ +version: "3.3" + +# +# Each proxy needs a 'dns' section added. When it wasn't there, the registries were unable to resolve +# remote DNS names, only DNS names set up within the network of the docker-compose. Here the dns is pointed +# at the Google DNS servers. +# + +services: + registry-localhost: + image: "us-east1-docker.pkg.dev/crl-docker-sync/docker-io/library/registry:2" + restart: "always" + volumes: + - "registry:/var/lib/registry" + ports: + - "5000:5000" + + registry-quayio: + image: "us-east1-docker.pkg.dev/crl-docker-sync/docker-io/library/registry:2" + restart: "always" + dns: + - 8.8.8.8 + volumes: + - "registry:/var/lib/registry" + environment: + REGISTRY_PROXY_REMOTEURL: "https://quay.io/repository" + REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED: "true" + + registry-dockerio: + image: "us-east1-docker.pkg.dev/crl-docker-sync/docker-io/library/registry:2" + restart: "always" + dns: + - 8.8.8.8 + volumes: + - "registry:/var/lib/registry" + environment: + REGISTRY_PROXY_REMOTEURL: "http://registry-1.docker.io" + + registry-us-gcr-io: + image: "us-east1-docker.pkg.dev/crl-docker-sync/docker-io/library/registry:2" + restart: "always" + dns: + - 8.8.8.8 + volumes: + - "registry:/var/lib/registry" + environment: + REGISTRY_PROXY_REMOTEURL: "https://us.gcr.io" + + us-docker-pkg-dev: + image: "us-east1-docker.pkg.dev/crl-docker-sync/docker-io/library/registry:2" + restart: "always" + dns: + - 8.8.8.8 + volumes: + - "registry:/var/lib/registry" + environment: + REGISTRY_PROXY_REMOTEURL: "https://us-docker.pkg.dev" + +volumes: + registry: { } + +networks: + default: + external: true + name: ${DOCKER_NETWORK_NAME} diff --git a/tests/k3d/registries.sh b/tests/k3d/registries.sh new file mode 100755 index 00000000..e36404c6 --- /dev/null +++ b/tests/k3d/registries.sh 
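Review bot: `registry-localhost` publishes `"5000:5000"`, which binds the unauthenticated, writable registry on every host interface; `- "127.0.0.1:5000:5000"` keeps it reachable from the developer machine only. `registry-dockerio` proxies `http://registry-1.docker.io` in clear text while the other proxies use https, so the cache can be fed content altered in transit; use `REGISTRY_PROXY_REMOTEURL: "https://registry-1.docker.io"`. All five services mount the same `registry` volume, so the push registry and the four pull-through caches share one storage tree and an image pushed locally under an upstream's repository name may end up served by that upstream's mirror; one volume per service avoids that. The header comment explains the `dns` entries but should also say why `REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED` is set for the quay proxy only.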
@@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +set -euxo pipefail + +# Figure out, regardless of any symlinks, aliases, etc, where this script +# is located. +SOURCE="${BASH_SOURCE[0]}" +while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done +DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" + + +COMMAND="${1-}" + +DOCKER_REGISTRY_PROJECT_NAME=${2:-k3d-local} + +# The name of the docker network. This must change if it changes in the docker-compose.yaml file. +DOCKER_REGISTRY_NETWORK_NAME=${2:-k3d-local} + + +case $COMMAND in + up) + docker network create --driver bridge ${DOCKER_REGISTRY_NETWORK_NAME} || true + DOCKER_NETWORK_NAME=${DOCKER_REGISTRY_NETWORK_NAME} docker-compose -p ${DOCKER_REGISTRY_PROJECT_NAME} -f ${DIR}/docker-compose.yaml up -d + ;; + down) + DOCKER_NETWORK_NAME=${DOCKER_REGISTRY_NETWORK_NAME} docker-compose -p ${DOCKER_REGISTRY_PROJECT_NAME} -f ${DIR}/docker-compose.yaml down + ;; + *) + echo "Unknown command: $COMMAND" + exit 1; + ;; +esac diff --git a/tests/k3d/registries.yaml b/tests/k3d/registries.yaml new file mode 100644 index 00000000..4faaa7b5 --- /dev/null +++ b/tests/k3d/registries.yaml @@ -0,0 +1,16 @@ +mirrors: + "localhost:5000": + endpoint: + - "http://registry-localhost:5000" + quay.io: + endpoint: + - "http://registry-quayio:5000" + docker.io: + endpoint: + - "http://registry-dockerio:5000" + us.gcr.io: + endpoint: + - "http://registry-us-gcr-io:5000" + us-docker.pkg.dev: + endpoint: + - "http://us-docker-pkg-dev:5000" \ No newline at end of file From 3f0aaaaf80c843c9b07ec33b63e8807b3d89f2e9 Mon Sep 17 00:00:00 2001 From: udnay Date: Wed, 6 Nov 2024 14:33:05 -0500 Subject: [PATCH 4/4] Fixup template and default value --- cockroachdb/templates/job-certSelfSigner.yaml | 3 +++ cockroachdb/values.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cockroachdb/templates/job-certSelfSigner.yaml b/cockroachdb/templates/job-certSelfSigner.yaml index 54ed2cad..80518540 100644 
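Review bot: `docker network create --driver bridge ${DOCKER_REGISTRY_NETWORK_NAME} || true` hides every failure, not just "network already exists", so compose can be started against a network that is missing even though `set -e` is on. Test for the network first: `docker network inspect "${DOCKER_REGISTRY_NETWORK_NAME}" >/dev/null 2>&1 || docker network create --driver bridge "${DOCKER_REGISTRY_NETWORK_NAME}"`. `${DIR}` and the two name variables are unquoted in both `docker-compose` lines, so a checkout path containing a space breaks `-f ${DIR}/docker-compose.yaml`. The project name and the network name are both taken from `$2`; a comment saying that this is intentional would help.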
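Review bot: The mirror list covers `us.gcr.io` but not `gcr.io`, which is the `REGISTRY` default the Makefile in this patch uses for the self-signer image, so that image would bypass the local caches; add a `gcr.io` mirror with a matching compose service, or note that the omission is intended. Every endpoint is plain `http://`, which is acceptable only because the names resolve inside the dev Docker network. A header comment saying so, and that each hostname must match a service name in `docker-compose.yaml`, would keep this file from being reused in a shared environment.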
--- a/cockroachdb/templates/job-certSelfSigner.yaml +++ b/cockroachdb/templates/job-certSelfSigner.yaml @@ -66,6 +66,9 @@ spec: - --client-expiry={{ .Values.tls.certs.selfSigner.clientCertExpiryWindow }} - --node-duration={{ .Values.tls.certs.selfSigner.nodeCertDuration }} - --node-expiry={{ .Values.tls.certs.selfSigner.nodeCertExpiryWindow }} + {{- if .Values.operator.enabled }} + - --operator-managed=true + {{- end}} env: - name: STATEFULSET_NAME value: {{ template "cockroachdb.fullname" . }} diff --git a/cockroachdb/values.yaml b/cockroachdb/values.yaml index 4967bc1c..46245b57 100644 --- a/cockroachdb/values.yaml +++ b/cockroachdb/values.yaml @@ -652,4 +652,4 @@ iap: # Use the CRDB Operator to manage the CRDB clusters operator: - enabled: true \ No newline at end of file + enabled: false \ No newline at end of file
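Review bot: `--operator-managed=true` makes the self-signer job write a ConfigMap (patch 2, `cm.Update()` in `generateCA`), yet none of the four patches touches an RBAC template, so if the job's Role grants access to Secrets only, the job will presumably fail with a forbidden error as soon as `operator.enabled` is set. Add `configmaps` with the verbs the persister needs to that Role, ideally inside the same `{{- if .Values.operator.enabled }}` guard so a default install keeps its current permissions. An e2e or template test with `operator.enabled=true` would catch this; the series adds none.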