Skip to content

Commit

Permalink
feat: add support for mysql_config_sslcapath option
Browse files Browse the repository at this point in the history
  • Loading branch information
@dhirajsb
dhirajsb committed Feb 17, 2024
1 parent a49bfce commit b80026c
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 8 deletions.
5 changes: 4 additions & 1 deletion api/v1alpha1/modelregistry_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,8 +122,11 @@ type MySQLConfig struct {
// client private key.
SSLKeySecret *SecretKeyValue `json:"sslKeySecret,omitempty"`
// This parameter specifies the Kubernetes Secret name and key containing
// certificate authority (CA) certificate(s).
// certificate authority (CA) certificate.
SSLRootCertificateSecret *SecretKeyValue `json:"sslRootCertificateSecret,omitempty"`
// This parameter specifies the Kubernetes Secret name containing
// multiple certificate authority (CA) certificate(s) as keys.
SSLRootCertificatesSecretName *string `json:"sslRootCertificatesSecretName,omitempty"`
// This parameter specifies the list of permissible ciphers for SSL encryption.
SSLCipher *string `json:"sslCipher,omitempty"`
// If set, enable verification of the server certificate against the host
Expand Down
5 changes: 5 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 6 additions & 1 deletion config/crd/bases/modelregistry.opendatahub.io_modelregistries.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ spec:
type: object
sslRootCertificateSecret:
description: This parameter specifies the Kubernetes Secret name
and key containing certificate authority (CA) certificate(s).
and key containing certificate authority (CA) certificate.
properties:
key:
description: Key name in secret
Expand All @@ -199,6 +199,11 @@ spec:
- key
- name
type: object
sslRootCertificatesSecretName:
description: This parameter specifies the Kubernetes Secret name
containing multiple certificate authority (CA) certificate(s)
as keys.
type: string
username:
description: The MYSQL login id.
type: string
Expand Down
26 changes: 20 additions & 6 deletions internal/controller/config/templates/deployment.yaml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,9 @@ spec:
{{- end}}
{{- if .Spec.MySQL.SSLRootCertificateSecret}}
- --mysql_config_sslrootcert=/etc/mysql_ssl_rootcert/{{.Spec.MySQL.SSLRootCertificateSecret.Key}}
{{- end}}
{{- if .Spec.MySQL.SSLRootCertificatesSecretName}}
- --mysql_config_sslcapath=/etc/mysql_ssl_rootcerts/
{{- end}}
{{- if .Spec.MySQL.SSLCipher}}
- --mysql_config_sslcipher={{.Spec.MySQL.SSLCipher}}
Expand Down Expand Up @@ -128,18 +131,23 @@ spec:
{{- else if .Spec.MySQL}}
{{- if .Spec.MySQL.SSLCertificateSecret}}
- name: mysql-ssl-cert
mountPath: /etc/mysql_ssl_cert
readOnly: true
mountPath: /etc/mysql_ssl_cert
readOnly: true
{{- end}}
{{- if .Spec.MySQL.SSLKeySecret}}
- name: mysql-ssl-key
mountPath: /etc/mysql_ssl_key
readOnly: true
mountPath: /etc/mysql_ssl_key
readOnly: true
{{- end}}
{{- if .Spec.MySQL.SSLRootCertificateSecret}}
- name: mysql-ssl-rootcert
mountPath: /etc/mysql_ssl_rootcert
readOnly: true
mountPath: /etc/mysql_ssl_rootcert
readOnly: true
{{- end}}
{{- if .Spec.MySQL.SSLRootCertificatesSecretName}}
- name: mysql-ssl-rootcerts
mountPath: /etc/mysql_ssl_rootcerts
readOnly: true
{{- end}}
{{- end}}
image: {{.Spec.Grpc.Image}}
Expand Down Expand Up @@ -246,4 +254,10 @@ spec:
secretName: {{.Spec.MySQL.SSLRootCertificateSecret.Name}}
defaultMode: 0600
{{- end}}
{{- if .Spec.MySQL.SSLRootCertificatesSecretName}}
- name: mysql-ssl-rootcerts
secret:
secretName: {{.Spec.MySQL.SSLRootCertificatesSecretName}}
defaultMode: 0600
{{- end}}
{{- end}}

0 comments on commit b80026c

Please sign in to comment.