You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Merge remote-tracking branch 'fork/pr/T6-tls-e2e' into downstream/integration
Brings the etcd-io#376 TLS reshape (clientEndpointForOrdinalIndex, etcdutils.ClusterHealth,
per-surface TLS args) plus T5 and T6 e2e coverage. Cert-block conflict (T0 vs T5)
resolved to log + Recorder.Eventf(reasonClientCertificateError) + requeue.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Xavier Lange <xrlange@gmail.com>
Copy file name to clipboardExpand all lines: api/v1alpha1/etcdcluster_types.go
+76-12Lines changed: 76 additions & 12 deletions
Original file line number
Diff line number
Diff line change
@@ -43,8 +43,17 @@ type EtcdClusterSpec struct {
43
43
Versionstring`json:"version"`
44
44
// StorageSpec is the name of the StorageSpec to use for the etcd cluster. If not provided, then each POD just uses the temporary storage inside the container.
// path is a NEW TLS cluster plus data migration, not an in-place flip.
56
+
TLS*EtcdClusterTLS`json:"tls,omitempty"`
48
57
// etcd configuration options are passed as command line arguments to the etcd container, refer to etcd documentation for configuration options applicable for the version of etcd being used.
// +kubebuilder:validation:XValidation:rule="self.provider == 'cert-manager' || !has(self.providerCfg.certManagerCfg)",message="providerCfg.certManagerCfg may only be set when provider is 'cert-manager'"
117
+
// +kubebuilder:validation:XValidation:rule="!self.clientCertAuth || self.provider != 'cert-manager' || (has(self.providerCfg.certManagerCfg) && size(self.providerCfg.certManagerCfg.issuerName) > 0)",message="clientCertAuth requires a trusted CA: set providerCfg.certManagerCfg.issuerName"
118
+
typeTLSSurfacestruct {
119
+
// Provider selects the certificate provider for THIS surface.
120
+
// Defaults to "auto" when empty.
121
+
// +kubebuilder:validation:Enum=auto;cert-manager
122
+
// +optional
123
+
Providerstring`json:"provider,omitempty"`
124
+
125
+
// ProviderCfg is the provider-specific config for THIS surface.
0 commit comments