pulsar-helm-chart icon indicating copy to clipboard operation
pulsar-helm-chart copied to clipboard
verified publisher icon datastax

Decouple burnell "provision container" provision-tls-jwt from autorecovery component

Open lhotari opened this issue 3 years ago • 2 comments

Currently JWT tokens are provisioned by an init container that is part of the autorecovery component.

https://github.com/datastax/pulsar-helm-chart/blob/16a5b8169b0bb7c48deb1c149aaf4e0a7f185f10/helm-chart-sources/pulsar/templates/autorecovery/autorecovery-deployment.yaml#L168-L189

This should be decoupled since provision-tls-jwt has nothing to do with Bookkeeper autorecovery.

lhotari avatar Jun 13 '22 14:06 lhotari

The reason we added here is because AR is the first pod coming up in the cluster. Private/public key pair need to be created ahead of bastion and other pods initialized. We have have a dedicated pod to initialize keys and JWTs.

zzzming avatar Jun 13 '22 15:06 zzzming

+1. We should create a separate initialization job that runs when needed.

michaeljmarshall avatar Jun 13 '22 17:06 michaeljmarshall