Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Feature/Operator] Configurable node services and users template #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 31 commits into from
Mar 23, 2022
Merged

[Feature/Operator] Configurable node services and users template #24

merged 31 commits into from
Mar 23, 2022

Conversation

@erdrix
Copy link
Contributor

@erdrix erdrix commented Mar 16, 2022
edited
Loading

Q A
Bug fix? no
New feature? yes
API breaks? no
Deprecations? no
Related tickets Orange-OpenSource/nifikop#58, Orange-OpenSource/nifikop#206
License Apache 2.0

What's in this PR?

A limitation with the current implementation is that the user identities and service names can become too long depending on your namespace name and cluster domain. If this string is over 64 bytes, cert manager is unable to create certificates. This is a show stopper issue for us because we cannot change our cluster domains.

This PR allows admin and node user identities to be set to custom values. And it allows service names templates to be overriden.

Four properties added to the NifiCluster spec:

  • headlessServiceTemplate: instead of the default template %s-headless you can provide an alternative, such as %s-h
  • nodeControllerTemplate: instead of the default template %s-controller you can provide an alternative, such as %s-c
  • nodeUserIdentityTemplate: instead of the default dynamic node user identity which is very long, you can provide an alternative for a shorter identity, such as node-%d-user which becomes node-1-user, node-2-user, etc.
  • adminUserIdentity: instead of the default dynamic admin user identity which is very long, you can provide an alternative, such as admin-user

Default behavior is unchanged from the current implementation. None of these new properties are required.

Why?

This PR unblocks teams who have longer cluster domains and want to use a cert-manager integration. Those teams can opt-in to using these four new properties in the NifiCluster spec to shorten the user identities and service names.

I decided to take the implementation path seen here since it did not drift from the current implementation too much. Basically instead of hardcoding the HeadlessServiceTemplate and NodeControllerTemplate, they can now be overridden by a provided property. The adminUserIdentity is shared across all the nodes so it can be a static value with any name the user would like. However, the nodeUserIdentityTemplate must be unique per node therefore the user needs to provide a template so we can populate the node's ID in the user's identity.

Additional context

Checklist

  • Implementation tested
  • Error handling code meets the guideline
  • Logging code meets the guideline
  • User guide and development docs updated (if needed)
  • Append changelog with changes

@cannonpalms cannonpalms mentioned this pull request Mar 22, 2022
Closed
@erdrix erdrix marked this pull request as ready for review March 23, 2022 08:37
@erdrix erdrix enabled auto-merge (squash) March 23, 2022 08:43
@erdrix erdrix disabled auto-merge March 23, 2022 08:48
@erdrix erdrix merged commit 8e490b7 into master Mar 23, 2022
erdrix added a commit that referenced this pull request Aug 3, 2022
@erdrix
Merge pull request #24 from konpyutaika/ft_configurable_template_serv…
b99db25 
…ice_n_users

[Feature/Operator] Configurable node services and users template
@juldrixx juldrixx deleted the ft_configurable_template_service_n_users branch May 30, 2024 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erdrix