Skip to content

Commit

Permalink
Backport values changes with pprof and mount defaults
Browse files Browse the repository at this point in the history
  • Loading branch information
andrewstucki committed Dec 20, 2024
1 parent dedb1e4 commit f6f5c47
Show file tree
Hide file tree
Showing 4 changed files with 84 additions and 78 deletions.
2 changes: 1 addition & 1 deletion charts/redpanda/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -961,7 +961,7 @@ To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limi

### [statefulset.sideCars.controllers.image.tag](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.image.tag)

**Default:** `"v2.3.3-24.3.1"`
**Default:** `"v2.3.4-24.3.2"`

### [statefulset.sideCars.controllers.metricsAddress](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.metricsAddress)

Expand Down
116 changes: 58 additions & 58 deletions charts/redpanda/templates/_values.go.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -122,9 +122,9 @@
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $conf := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $s) ))) "r") -}}
{{- $_406_b_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $conf "cloud_storage_enabled" (coalesce nil)) ))) "r") -}}
{{- $b := (index $_406_b_ok 0) -}}
{{- $ok := (index $_406_b_ok 1) -}}
{{- $_412_b_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $conf "cloud_storage_enabled" (coalesce nil)) ))) "r") -}}
{{- $b := (index $_412_b_ok 0) -}}
{{- $ok := (index $_412_b_ok 1) -}}
{{- $_is_returning = true -}}
{{- (dict "r" (and $ok (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" $b) ))) "r"))) | toJson -}}
{{- break -}}
Expand Down Expand Up @@ -169,18 +169,18 @@
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $values := $dot.Values.AsMap -}}
{{- $_435_dir_2_ok_3 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $values.config.node "cloud_storage_cache_directory") "") ))) "r") -}}
{{- $dir_2 := (index $_435_dir_2_ok_3 0) -}}
{{- $ok_3 := (index $_435_dir_2_ok_3 1) -}}
{{- $_441_dir_2_ok_3 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $values.config.node "cloud_storage_cache_directory") "") ))) "r") -}}
{{- $dir_2 := (index $_441_dir_2_ok_3 0) -}}
{{- $ok_3 := (index $_441_dir_2_ok_3 1) -}}
{{- if $ok_3 -}}
{{- $_is_returning = true -}}
{{- (dict "r" $dir_2) | toJson -}}
{{- break -}}
{{- end -}}
{{- $tieredConfig := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") -}}
{{- $_444_dir_4_ok_5 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $tieredConfig "cloud_storage_cache_directory") "") ))) "r") -}}
{{- $dir_4 := (index $_444_dir_4_ok_5 0) -}}
{{- $ok_5 := (index $_444_dir_4_ok_5 1) -}}
{{- $_450_dir_4_ok_5 := (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $tieredConfig "cloud_storage_cache_directory") "") ))) "r") -}}
{{- $dir_4 := (index $_450_dir_4_ok_5 0) -}}
{{- $ok_5 := (index $_450_dir_4_ok_5 1) -}}
{{- if $ok_5 -}}
{{- $_is_returning = true -}}
{{- (dict "r" $dir_4) | toJson -}}
Expand Down Expand Up @@ -280,9 +280,9 @@
{{- $result := (dict ) -}}
{{- $s := (toJson $t) -}}
{{- $tune := (fromJson $s) -}}
{{- $_670_m_ok := (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil)) ))) "r") -}}
{{- $m := (index $_670_m_ok 0) -}}
{{- $ok := (index $_670_m_ok 1) -}}
{{- $_676_m_ok := (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil)) ))) "r") -}}
{{- $m := (index $_676_m_ok 0) -}}
{{- $ok := (index $_676_m_ok 1) -}}
{{- if (not $ok) -}}
{{- $_is_returning = true -}}
{{- (dict "r" (dict )) | toJson -}}
Expand Down Expand Up @@ -418,9 +418,9 @@
{{- $seen := (dict ) -}}
{{- $deduped := (coalesce nil) -}}
{{- range $_, $item := $items -}}
{{- $_787___ok_6 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key false) ))) "r") -}}
{{- $_ := (index $_787___ok_6 0) -}}
{{- $ok_6 := (index $_787___ok_6 1) -}}
{{- $_793___ok_6 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key false) ))) "r") -}}
{{- $_ := (index $_793___ok_6 0) -}}
{{- $ok_6 := (index $_793___ok_6 1) -}}
{{- if $ok_6 -}}
{{- continue -}}
{{- end -}}
Expand Down Expand Up @@ -473,9 +473,9 @@
{{- $name := (index .a 1) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $_878_cert_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) )) ))) "r") -}}
{{- $cert := (index $_878_cert_ok 0) -}}
{{- $ok := (index $_878_cert_ok 1) -}}
{{- $_884_cert_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil) )) ))) "r") -}}
{{- $cert := (index $_884_cert_ok 0) -}}
{{- $ok := (index $_884_cert_ok 1) -}}
{{- if (not $ok) -}}
{{- $_ := (fail (printf "Certificate %q referenced, but not found in the tls.certs map" $name)) -}}
{{- end -}}
Expand Down Expand Up @@ -1001,23 +1001,23 @@
{{- end -}}

{{- define "redpanda.KafkaListeners.ConsoleTLS" -}}
{{- $l := (index .a 0) -}}
{{- $k := (index .a 0) -}}
{{- $tls := (index .a 1) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}}
{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $k.tls $tls) ))) "r") )) -}}
{{- if (not $t.enabled) -}}
{{- $_is_returning = true -}}
{{- (dict "r" $t) | toJson -}}
{{- break -}}
{{- end -}}
{{- $kafkaPathPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}}
{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert) ))) "r").caEnabled -}}
{{- $kafkaPathPrefix := (printf "%s/%s" "/etc/tls/certs" $k.tls.cert) -}}
{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $k.tls.cert) ))) "r").caEnabled -}}
{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $kafkaPathPrefix)) -}}
{{- else -}}
{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $kafkaPathPrefix)) -}}
{{- end -}}
{{- if (not $l.tls.requireClientAuth) -}}
{{- if (not $k.tls.requireClientAuth) -}}
{{- $_is_returning = true -}}
{{- (dict "r" $t) | toJson -}}
{{- break -}}
Expand All @@ -1031,12 +1031,12 @@
{{- end -}}

{{- define "redpanda.KafkaListeners.ConnectorsTLS" -}}
{{- $l := (index .a 0) -}}
{{- $k := (index .a 0) -}}
{{- $tls := (index .a 1) -}}
{{- $fullName := (index .a 2) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $t := (mustMergeOverwrite (dict "enabled" false "ca" (dict "secretRef" "" "secretNameOverwrite" "" ) "cert" (dict "secretRef" "" "secretNameOverwrite" "" ) "key" (dict "secretRef" "" "secretNameOverwrite" "" ) ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}}
{{- $t := (mustMergeOverwrite (dict "enabled" false "ca" (dict "secretRef" "" "secretNameOverwrite" "" ) "cert" (dict "secretRef" "" "secretNameOverwrite" "" ) "key" (dict "secretRef" "" "secretNameOverwrite" "" ) ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $k.tls $tls) ))) "r") )) -}}
{{- if (not $t.enabled) -}}
{{- $_is_returning = true -}}
{{- (dict "r" $t) | toJson -}}
Expand All @@ -1060,20 +1060,20 @@
{{- end -}}

{{- define "redpanda.SchemaRegistryListeners.Listeners" -}}
{{- $l := (index .a 0) -}}
{{- $sr := (index .a 0) -}}
{{- $saslEnabled := (index .a 1) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r") -}}
{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($sr.port | int)) ))) "r") -}}
{{- if $saslEnabled -}}
{{- $_ := (set $internal "authentication_method" "http_basic") -}}
{{- end -}}
{{- $am_11 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}}
{{- $am_11 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $sr.authenticationMethod "") ))) "r") -}}
{{- if (ne $am_11 "") -}}
{{- $_ := (set $internal "authentication_method" $am_11) -}}
{{- end -}}
{{- $result := (list $internal) -}}
{{- range $k, $l := $l.external -}}
{{- range $k, $l := $sr.external -}}
{{- if (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}}
{{- continue -}}
{{- end -}}
Expand Down Expand Up @@ -1148,23 +1148,23 @@
{{- end -}}

{{- define "redpanda.SchemaRegistryListeners.ConsoleTLS" -}}
{{- $l := (index .a 0) -}}
{{- $sr := (index .a 0) -}}
{{- $tls := (index .a 1) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}}
{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $sr.tls $tls) ))) "r") )) -}}
{{- if (not $t.enabled) -}}
{{- $_is_returning = true -}}
{{- (dict "r" $t) | toJson -}}
{{- break -}}
{{- end -}}
{{- $schemaRegistryPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}}
{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert) ))) "r").caEnabled -}}
{{- $schemaRegistryPrefix := (printf "%s/%s" "/etc/tls/certs" $sr.tls.cert) -}}
{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $sr.tls.cert) ))) "r").caEnabled -}}
{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $schemaRegistryPrefix)) -}}
{{- else -}}
{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $schemaRegistryPrefix)) -}}
{{- end -}}
{{- if (not $l.tls.requireClientAuth) -}}
{{- if (not $sr.tls.requireClientAuth) -}}
{{- $_is_returning = true -}}
{{- (dict "r" $t) | toJson -}}
{{- break -}}
Expand Down Expand Up @@ -1218,9 +1218,9 @@
{{- $result := (dict ) -}}
{{- range $k, $v := $c -}}
{{- if (not (empty $v)) -}}
{{- $_1712___ok_13 := (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r") -}}
{{- $_ := ((index $_1712___ok_13 0) | float64) -}}
{{- $ok_13 := (index $_1712___ok_13 1) -}}
{{- $_1718___ok_13 := (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r") -}}
{{- $_ := ((index $_1718___ok_13 0) | float64) -}}
{{- $ok_13 := (index $_1718___ok_13 1) -}}
{{- if $ok_13 -}}
{{- $_ := (set $result $k $v) -}}
{{- else -}}{{- if (kindIs "bool" $v) -}}
Expand All @@ -1246,9 +1246,9 @@
{{- $_is_returning := false -}}
{{- $result := (dict ) -}}
{{- range $k, $v := $c -}}
{{- $_1732_b_14_ok_15 := (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r") -}}
{{- $b_14 := (index $_1732_b_14_ok_15 0) -}}
{{- $ok_15 := (index $_1732_b_14_ok_15 1) -}}
{{- $_1738_b_14_ok_15 := (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r") -}}
{{- $b_14 := (index $_1738_b_14_ok_15 0) -}}
{{- $ok_15 := (index $_1738_b_14_ok_15 1) -}}
{{- if $ok_15 -}}
{{- $_ := (set $result $k $b_14) -}}
{{- continue -}}
Expand Down Expand Up @@ -1291,15 +1291,15 @@
{{- $config := (index .a 1) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $_1777___hasAccessKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1777___hasAccessKey 0) -}}
{{- $hasAccessKey := (index $_1777___hasAccessKey 1) -}}
{{- $_1778___hasSecretKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1778___hasSecretKey 0) -}}
{{- $hasSecretKey := (index $_1778___hasSecretKey 1) -}}
{{- $_1779___hasSharedKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1779___hasSharedKey 0) -}}
{{- $hasSharedKey := (index $_1779___hasSharedKey 1) -}}
{{- $_1783___hasAccessKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1783___hasAccessKey 0) -}}
{{- $hasAccessKey := (index $_1783___hasAccessKey 1) -}}
{{- $_1784___hasSecretKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1784___hasSecretKey 0) -}}
{{- $hasSecretKey := (index $_1784___hasSecretKey 1) -}}
{{- $_1785___hasSharedKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1785___hasSharedKey 0) -}}
{{- $hasSharedKey := (index $_1785___hasSharedKey 1) -}}
{{- $envvars := (coalesce nil) -}}
{{- if (and (not $hasAccessKey) (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.accessKey) ))) "r")) -}}
{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_ACCESS_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.accessKey) ))) "r") )))) -}}
Expand All @@ -1322,12 +1322,12 @@
{{- $c := (index .a 0) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $_1815___containerExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1815___containerExists 0) -}}
{{- $containerExists := (index $_1815___containerExists 1) -}}
{{- $_1816___accountExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1816___accountExists 0) -}}
{{- $accountExists := (index $_1816___accountExists 1) -}}
{{- $_1821___containerExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1821___containerExists 0) -}}
{{- $containerExists := (index $_1821___containerExists 1) -}}
{{- $_1822___accountExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil)) ))) "r") -}}
{{- $_ := (index $_1822___accountExists 0) -}}
{{- $accountExists := (index $_1822___accountExists 1) -}}
{{- $_is_returning = true -}}
{{- (dict "r" (and $containerExists $accountExists)) | toJson -}}
{{- break -}}
Expand All @@ -1338,9 +1338,9 @@
{{- $c := (index .a 0) -}}
{{- range $_ := (list 1) -}}
{{- $_is_returning := false -}}
{{- $_1821_value_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil)) ))) "r") -}}
{{- $value := (index $_1821_value_ok 0) -}}
{{- $ok := (index $_1821_value_ok 1) -}}
{{- $_1827_value_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil)) ))) "r") -}}
{{- $value := (index $_1827_value_ok 0) -}}
{{- $ok := (index $_1827_value_ok 1) -}}
{{- if (not $ok) -}}
{{- $_is_returning = true -}}
{{- (dict "r" (coalesce nil)) | toJson -}}
Expand Down
42 changes: 24 additions & 18 deletions charts/redpanda/values.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0

// Use of this software is governed by the Business Source License
// included in the file licenses/BSL.md
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0

// +gotohelm:filename=_values.go.tpl
package redpanda

Expand Down Expand Up @@ -300,8 +307,7 @@ type Monitoring struct {
ScrapeInterval monitoringv1.Duration `json:"scrapeInterval" jsonschema:"required"`
Labels map[string]string `json:"labels"`
TLSConfig *monitoringv1.TLSConfig `json:"tlsConfig"`
//nolint:stylecheck
EnableHttp2 *bool `json:"enableHttp2"`
EnableHttp2 *bool `json:"enableHttp2"`
}

type RedpandaResources struct {
Expand Down Expand Up @@ -1450,26 +1456,26 @@ func (l *KafkaListeners) TrustStores(tls *TLS) []*TrustStore {
return tss
}

func (l *KafkaListeners) ConsoleTLS(tls *TLS) ConsoleTLS {
t := ConsoleTLS{Enabled: l.TLS.IsEnabled(tls)}
func (k *KafkaListeners) ConsoleTLS(tls *TLS) ConsoleTLS {
t := ConsoleTLS{Enabled: k.TLS.IsEnabled(tls)}
if !t.Enabled {
return t
}

kafkaPathPrefix := fmt.Sprintf("%s/%s", certificateMountPoint, l.TLS.Cert)
kafkaPathPrefix := fmt.Sprintf("%s/%s", certificateMountPoint, k.TLS.Cert)

// Strange but technically correct, if CAEnabled is false, we can't safely
// assume that a ca.crt file will exist. So we fallback to using the
// server's certificate itself.
// Other options would be: failing or falling back to the container's
// default truststore.
if tls.Certs.MustGet(l.TLS.Cert).CAEnabled {
if tls.Certs.MustGet(k.TLS.Cert).CAEnabled {
t.CaFilepath = fmt.Sprintf("%s/ca.crt", kafkaPathPrefix)
} else {
t.CaFilepath = fmt.Sprintf("%s/tls.crt", kafkaPathPrefix)
}

if !l.TLS.RequireClientAuth {
if !k.TLS.RequireClientAuth {
return t
}

Expand All @@ -1479,8 +1485,8 @@ func (l *KafkaListeners) ConsoleTLS(tls *TLS) ConsoleTLS {
return t
}

func (l *KafkaListeners) ConnectorsTLS(tls *TLS, fullName string) connectors.TLS {
t := connectors.TLS{Enabled: l.TLS.IsEnabled(tls)}
func (k *KafkaListeners) ConnectorsTLS(tls *TLS, fullName string) connectors.TLS {
t := connectors.TLS{Enabled: k.TLS.IsEnabled(tls)}
if !t.Enabled {
return t
}
Expand Down Expand Up @@ -1531,22 +1537,22 @@ func (SchemaRegistryListeners) JSONSchemaExtend(schema *jsonschema.Schema) {
makeNullable(schema, "authenticationMethod")
}

func (l *SchemaRegistryListeners) Listeners(saslEnabled bool) []map[string]any {
internal := createInternalListenerCfg(l.Port)
func (sr *SchemaRegistryListeners) Listeners(saslEnabled bool) []map[string]any {
internal := createInternalListenerCfg(sr.Port)

if saslEnabled {
internal["authentication_method"] = "http_basic"
}

if am := ptr.Deref(l.AuthenticationMethod, ""); am != "" {
if am := ptr.Deref(sr.AuthenticationMethod, ""); am != "" {
internal["authentication_method"] = am
}

result := []map[string]any{
internal,
}

for k, l := range l.External {
for k, l := range sr.External {
if !l.IsEnabled() {
continue
}
Expand Down Expand Up @@ -1619,26 +1625,26 @@ func (l *SchemaRegistryListeners) TrustStores(tls *TLS) []*TrustStore {
return tss
}

func (l *SchemaRegistryListeners) ConsoleTLS(tls *TLS) ConsoleTLS {
t := ConsoleTLS{Enabled: l.TLS.IsEnabled(tls)}
func (sr *SchemaRegistryListeners) ConsoleTLS(tls *TLS) ConsoleTLS {
t := ConsoleTLS{Enabled: sr.TLS.IsEnabled(tls)}
if !t.Enabled {
return t
}

schemaRegistryPrefix := fmt.Sprintf("%s/%s", certificateMountPoint, l.TLS.Cert)
schemaRegistryPrefix := fmt.Sprintf("%s/%s", certificateMountPoint, sr.TLS.Cert)

// Strange but technically correct, if CAEnabled is false, we can't safely
// assume that a ca.crt file will exist. So we fallback to using the
// server's certificate itself.
// Other options would be: failing or falling back to the container's
// default truststore.
if tls.Certs.MustGet(l.TLS.Cert).CAEnabled {
if tls.Certs.MustGet(sr.TLS.Cert).CAEnabled {
t.CaFilepath = fmt.Sprintf("%s/ca.crt", schemaRegistryPrefix)
} else {
t.CaFilepath = fmt.Sprintf("%s/tls.crt", schemaRegistryPrefix)
}

if !l.TLS.RequireClientAuth {
if !sr.TLS.RequireClientAuth {
return t
}

Expand Down
Loading

0 comments on commit f6f5c47

Please sign in to comment.