Add Memcached TLS stuffs

Signed-off-by: Muhammad Raisul Islam Evan <raisul@appscode.com>
kubedb · Nov 6, 2024 · a8e4cea · a8e4cea
1 parent 3a305bf
commit a8e4cea
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/apis/kubedb/constants.go b/apis/kubedb/constants.go
@@ -130,15 +130,25 @@ const (
 	MemcachedPrimaryServicePortName = "primary"
 	MemcachedDatabasePort           = 11211
 	MemcachedContainerName          = "memcached"
+	MemcachedExporterContainerName  = "exporter"
 
 	MemcachedConfigVolumeName = "memcached-config"
 	MemcachedConfigVolumePath = "/usr/config/"
 
 	MemcachedDataVolumeName = "data"
-	MemcachedDataVolumePath = "/usr/data"
+	MemcachedDataVolumePath = "/usr/data/"
 
 	MemcachedAuthVolumeName = "auth"
-	MemcachedAuthVolumePath = "/usr/auth"
+	MemcachedAuthVolumePath = "/usr/auth/"
+
+	MemcachedExporterAuthVolumeName = "exporter-auth"
+	MemcachedExporterAuthVolumePath = "/auth/"
+
+	MemcachedExporterTLSVolumeName = "exporter-tls"
+	MemcachedExporterTLSVolumePath = "/certs/"
+
+	MemcachedTLSVolumeName = "tls"
+	MemcachedTLSVolumePath = "/usr/certs/"
 
 	MemcachedHealthKey   = "kubedb_memcached_health_key"
 	MemcachedHealthValue = "kubedb_memcached_health_value"

diff --git a/apis/kubedb/v1/memcached_helpers.go b/apis/kubedb/v1/memcached_helpers.go
@@ -30,6 +30,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
+	kmapi "kmodules.xyz/client-go/api/v1"
 	"kmodules.xyz/client-go/apiextensions"
 	core_util "kmodules.xyz/client-go/core/v1"
 	meta_util "kmodules.xyz/client-go/meta"
@@ -291,6 +292,23 @@ func (m *Memcached) setDefaultContainerResourceLimits(podTemplate *ofstv2.PodTem
 	}
 }
 
+// CertificateName returns the default certificate name and/or certificate secret name for a certificate alias
+func (m *Memcached) CertificateName(alias MemcachedCertificateAlias) string {
+	return meta_util.NameWithSuffix(m.Name, fmt.Sprintf("%s-cert", string(alias)))
+}
+
+// GetCertSecretName returns the secret name for a certificate alias if any provide,
+// otherwise returns default certificate secret name for the given alias.
+func (m *Memcached) GetCertSecretName(alias MemcachedCertificateAlias) string {
+	if m.Spec.TLS != nil {
+		name, ok := kmapi.GetCertificateSecretName(m.Spec.TLS.Certificates, string(alias))
+		if ok {
+			return name
+		}
+	}
+	return m.CertificateName(alias)
+}
+
 func (m *MemcachedSpec) GetPersistentSecrets() []string {
 	return nil
 }

diff --git a/apis/kubedb/v1/memcached_types.go b/apis/kubedb/v1/memcached_types.go
@@ -124,6 +124,7 @@ type MemcachedCertificateAlias string
 
 const (
 	MemcachedServerCert          MemcachedCertificateAlias = "server"
+	MemcachedClientCert          MemcachedCertificateAlias = "client"
 	MemcachedMetricsExporterCert MemcachedCertificateAlias = "metrics-exporter"
 )
-Original file line number
+Diff line change
@@ Expand Up / @@ -124,6 +124,7 @@ type MemcachedCertificateAlias string @@
     const (
     	MemcachedServerCert          MemcachedCertificateAlias = "server"
+    	MemcachedClientCert          MemcachedCertificateAlias = "client"
     	MemcachedMetricsExporterCert MemcachedCertificateAlias = "metrics-exporter"
     )
@@ Expand Down @@