thelabdude commented on a change in pull request #151:
URL:
https://github.com/apache/lucene-solr-operator/pull/151#discussion_r568114059
##########
File path: controllers/solrcloud_controller.go
##########
@@ -261,12 +268,77 @@ func (r *SolrCloudReconciler) Reconcile(req ctrl.Request)
(ctrl.Result, error) {
blockReconciliationOfStatefulSet = true
}
+ tlsCertMd5 := ""
+ needsPkcs12InitContainer := false // flag if the StatefulSet needs an
additional initCont to create PKCS12 keystore
+ // don't start reconciling TLS until we have ZK connectivity, avoids
TLS code having to check for ZK
+ if !blockReconciliationOfStatefulSet && instance.Spec.SolrTLS != nil {
+ ctx := context.TODO()
+ // Create the autogenerated TLS Cert and wait for it to be
issued
+ if instance.Spec.SolrTLS.AutoCreate != nil {
+ tlsReady, err := r.reconcileAutoCreateTLS(ctx, instance)
+ // don't create the StatefulSet until we have a cert,
which can take a while for a Let's Encrypt Issuer
+ if !tlsReady || err != nil {
+ if err != nil {
+ r.Log.Error(err, "Reconcile TLS
Certificate failed")
+ } else {
+ wait := 30 * time.Second
+ if
instance.Spec.SolrTLS.AutoCreate.IssuerRef == nil {
+ // this is a self-signed cert,
so no need to wait very long for it to issue
+ wait = 2 * time.Second
+ }
+ requeueOrNot.RequeueAfter = wait
+ }
+ return requeueOrNot, err
Review comment:
Certs can take several minutes to issue, so I think we want to return
here with the extended wait period otherwise you get a ton of noise in the logs
until the cert issues ...
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
