Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add content for exploring the features of the v0.3.0 operator on GKE #24

Merged
merged 5 commits into from
May 17, 2021
Merged

Add content for exploring the features of the v0.3.0 operator on GKE #24

merged 5 commits into from
May 17, 2021

Conversation

thelabdude
Copy link
Contributor

Add a blog post for exploring the v0.3.0 release.

@thelabdude thelabdude requested review from HoustonPutman and janhoy May 6, 2021 20:49
@janhoy
Copy link
Contributor

janhoy commented May 7, 2021

This was a bit of a mouthful :) Skimmed it and it looks thorough, but did not have time to read it all just now. A few initial questions:

spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: *** REDACTED ***
    privateKeySecretRef:
      name: acme-letsencrypt-issuer-pk

Where is the acme-letsencrypt-issuer-pk defined? Guess the reference needs to point so some key somewhere?

  1. If you want to terminate TLS through linkerd or ingress instead of on the solr node, is that supported by the operator? I know Solr itself may not be fully prepared for that case, since it will complain in logs that TLS is not active, and it is impossible to start solr with only a custom truststore without also enabling inbound tls. But aside from that, from an operator standpoint?

@thelabdude
Copy link
Contributor Author

thelabdude commented May 7, 2021
edited
Loading

The cert-manager defines the acme-letsencrypt-issuer-pk secret, here's a good explanation from one of cert-manager's main contributors: cert-manager/cert-manager#1751 (comment)

Yes, you can do TLS termination at the Ingress, see: https://kubernetes.github.io/ingress-nginx/examples/tls-termination/ However, the Solr operator doesn't let you set the tls.secretName field in the YAML. So you'd have to work-around this by defining your own Ingress for Solr vs. using the one created by the operator. It's a limitation we should fix in 0.4.0 since it would require a change to the CRD definition. apache/solr-operator#268

@HoustonPutman
Formatting changes.
c56004d 
- Fix image inclusion
- Fix Paragraph wrapping in the MD, for easier review of changes.
- Change section header levels.
@HoustonPutman
Various changes.
0a7dc87
HoustonPutman
HoustonPutman approved these changes May 10, 2021
View reviewed changes
Copy link
Contributor

@HoustonPutman HoustonPutman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great!

Made a few changes, that hopefully make it a bit easier for users. Just minor things though.

I do think it would be nice to have a short section explaining that the Provided Zookeeper section in the CRD is good for development use cases, but Production use cases should probably use explicit Zookeeper Connection Strings. Much like the comment you made on the slack channel.

@thelabdude thelabdude merged commit 2b18fa9 into apache:main May 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HoustonPutman HoustonPutman HoustonPutman approved these changes

@janhoy janhoy Awaiting requested review from janhoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thelabdude @janhoy @HoustonPutman