thelabdude commented on a change in pull request #151:
URL: 
https://github.com/apache/lucene-solr-operator/pull/151#discussion_r568114059



##########
File path: controllers/solrcloud_controller.go
##########
@@ -261,12 +268,77 @@ func (r *SolrCloudReconciler) Reconcile(req ctrl.Request) 
(ctrl.Result, error) {
                blockReconciliationOfStatefulSet = true
        }
 
+       tlsCertMd5 := ""
+       needsPkcs12InitContainer := false // flag if the StatefulSet needs an 
additional initCont to create PKCS12 keystore
+       // don't start reconciling TLS until we have ZK connectivity, avoids 
TLS code having to check for ZK
+       if !blockReconciliationOfStatefulSet && instance.Spec.SolrTLS != nil {
+               ctx := context.TODO()
+               // Create the autogenerated TLS Cert and wait for it to be 
issued
+               if instance.Spec.SolrTLS.AutoCreate != nil {
+                       tlsReady, err := r.reconcileAutoCreateTLS(ctx, instance)
+                       // don't create the StatefulSet until we have a cert, 
which can take a while for a Let's Encrypt Issuer
+                       if !tlsReady || err != nil {
+                               if err != nil {
+                                       r.Log.Error(err, "Reconcile TLS 
Certificate failed")
+                               } else {
+                                       wait := 30 * time.Second
+                                       if 
instance.Spec.SolrTLS.AutoCreate.IssuerRef == nil {
+                                               // this is a self-signed cert, 
so no need to wait very long for it to issue
+                                               wait = 2 * time.Second
+                                       }
+                                       requeueOrNot.RequeueAfter = wait
+                               }
+                               return requeueOrNot, err

Review comment:
       Certs can take several minutes to issue, so I think we want to return 
here with the extended wait period otherwise you get a ton of noise in the logs 
until the cert issues ...




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to