thelabdude commented on code in PR #461:
URL: https://github.com/apache/solr-operator/pull/461#discussion_r934944959
##########
api/v1beta1/solrcloud_types.go:
##########
@@ -1523,6 +1523,14 @@ type SolrTLSOptions struct {
// This option is typically used with
`spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted
TLS cert expires.
// +optional
MountedTLSDir *MountedTLSDirectory `json:"mountedTLSDir,omitempty"`
+
+ // Path on the Solr image to your JVM's truststore to merge with an
external truststore.
+ // If supplied, Solr will be configured to use the merged truststore.
+ // The truststore for the JVM in the default Solr image is:
$JAVA_HOME/lib/security/cacerts
+ MergeJavaTruststore string `json:"mergeJavaTrustStore,omitempty"`
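Review bot: The added `MergeJavaTruststore` field has no `// +optional` marker, even though its JSON tag carries `omitempty` and the `MountedTLSDir` field directly above it is marked `// +optional`; add the marker above the new field so the two stay consistent. The casing also differs between the Go name (`Truststore`) and the JSON key (`mergeJavaTrustStore`), so pick one spelling before the key becomes part of the API. The doc comment says the path is merged "with an external truststore" without saying which option supplies that truststore or what happens when none is configured; a sentence on that would help users of the field.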
Review Comment:
Typically, `mountedTLSDir` will have a CSI driver volume and corresponding
mount on the mainContainer, which would get used by the merge `initContainer`,
so the init container would get the truststore file. However, that might cause
double creation of the cert for each pod, once for the `initContainer` and once
for the main container, so this would likely put a lot of pressure on the cert
issuer. So it is probably safer to say this feature is not supported with the
`mountedTLSDir` option for now.