Rename TDE to Encryption
kota2and3kan committed Oct 4, 2024
1 parent 21b338d commit 3db5ff6
Showing 5 changed files with 45 additions and 45 deletions.
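--- a/charts/scalardb-cluster/README.md
+++ b/charts/scalardb-cluster/README.md
@@ -25,6 +25,12 @@ Current chart version is `2.0.0-SNAPSHOT`
 | fullnameOverride | string | `""` | String to fully override scalardb-cluster.fullname template |
 | nameOverride | string | `""` | String to partially override scalardb-cluster.fullname template (will maintain the release name) |
 | scalardbCluster.affinity | object | `{}` | The affinity/anti-affinity feature, greatly expands the types of constraints you can express. |
+| scalardbCluster.encryption.enabled | bool | `false` | Enable encryption feature. You must enable encryption when you use the encryption feature of ScalarDB Cluster. |
+| scalardbCluster.encryption.type | string | `""` | Type of encryption. You must set the same value as "scalar.db.cluster.encryption.type" of ScalarDB Cluster. |
+| scalardbCluster.encryption.vault | object | `{"tls":{"caRootCertSecret":"","enabled":false}}` | Vault specific configurations. |
+| scalardbCluster.encryption.vault.tls | object | `{"caRootCertSecret":"","enabled":false}` | TLS configurations to access from ScalarDB Cluster to Vault by using TLS. |
+| scalardbCluster.encryption.vault.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication between ScalarDB Cluster and Vault. The certificate file will be mounted under the /encryption/vault/tls/certs/ directory in the ScalarDB Cluster pod. |
+| scalardbCluster.encryption.vault.tls.enabled | bool | `false` | Enable TLS between ScalarDB Cluster and Vault. Note that you must enable the TLS feature on the Vault side. |
 | scalardbCluster.extraVolumeMounts | list | `[]` | Defines additional volume mounts. If you want to get a heap dump of the ScalarDB Cluster node, you need to mount a volume to make the dump file persistent. |
 | scalardbCluster.extraVolumes | list | `[]` | Defines additional volumes. If you want to get a heap dump of the ScalarDB Cluster node, you need to mount a volume to make the dump file persistent. |
 | scalardbCluster.grafanaDashboard.enabled | bool | `false` | Enable grafana dashboard. |
@@ -65,12 +71,6 @@ Current chart version is `2.0.0-SNAPSHOT`
 | scalardbCluster.strategy.rollingUpdate.maxSurge | string | `"25%"` | The number of pods that can be created above the desired amount of pods during an update |
 | scalardbCluster.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | The number of pods that can be unavailable during the update process |
 | scalardbCluster.strategy.type | string | `"RollingUpdate"` | New pods are added gradually, and old pods are terminated gradually, e.g: Recreate or RollingUpdate |
-| scalardbCluster.tde.enabled | bool | `false` | Enable TDE. You must enable TDE when you use the TDE feature of ScalarDB Cluster. |
-| scalardbCluster.tde.type | string | `""` | Type of TDE. You must set the same value as "scalar.db.cluster.encryption.type" of ScalarDB Cluster. |
-| scalardbCluster.tde.vault | object | `{"tls":{"caRootCertSecret":"","enabled":false}}` | Vault specific configurations. |
-| scalardbCluster.tde.vault.tls | object | `{"caRootCertSecret":"","enabled":false}` | TLS configurations to access from ScalarDB Cluster to Vault by using TLS. |
-| scalardbCluster.tde.vault.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication between ScalarDB Cluster and Vault. The certificate file will be mounted under the /tde/vault/tls/certs/ directory in the ScalarDB Cluster pod. |
-| scalardbCluster.tde.vault.tls.enabled | bool | `false` | Enable TLS between ScalarDB Cluster and Vault. Note that you must enable the TLS feature on the Vault side. |
 | scalardbCluster.tls.caRootCertSecret | string | `""` | Name of the Secret containing the custom CA root certificate for TLS communication. |
 | scalardbCluster.tls.caRootCertSecretForServiceMonitor | string | `""` | Name of the Secret containing the CA root certificate for TLS communication on the metrics endpoint. Prometheus Operator retrieves the CA root certificate file from this secret resource. You must create this secret resource in the same namespace as Prometheus. |
 | scalardbCluster.tls.certChainSecret | string | `""` | Name of the Secret containing the certificate chain file used for TLS communication. |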
@@ -52,7 +52,7 @@ spec:
value: {{ include "scalardb-cluster.fullname" . }}-headless
- name: SCALAR_DB_CLUSTER_LOG_LEVEL
value: "{{ .Values.scalardbCluster.logLevel }}"
{{- if and (.Values.scalardbCluster.tde.enabled) (eq .Values.scalardbCluster.tde.type "self") }}
{{- if and (.Values.scalardbCluster.encryption.enabled) (eq .Values.scalardbCluster.encryption.type "self") }}
- name: SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME
value: {{ .Release.Namespace }}
{{- end }}
@@ -101,9 +101,9 @@ spec:
- name: scalardb-cluster-tls-volume
mountPath: /tls/scalardb-cluster/certs
{{- end }}
{{- if and (.Values.scalardbCluster.tde.enabled) (eq .Values.scalardbCluster.tde.type "vault") (.Values.scalardbCluster.tde.vault.tls.enabled) }}
- name: scalardb-cluster-tde-vault-tls-volume
mountPath: /tde/vault/tls/certs
{{- if and (.Values.scalardbCluster.encryption.enabled) (eq .Values.scalardbCluster.encryption.type "vault") (.Values.scalardbCluster.encryption.vault.tls.enabled) }}
- name: scalardb-cluster-encryption-vault-tls-volume
mountPath: /encryption/vault/tls/certs
{{- end }}
{{- with .Values.scalardbCluster.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
@@ -128,10 +128,10 @@ spec:
- secret:
name: {{ .Values.scalardbCluster.tls.privateKeySecret }}
{{- end }}
{{- if and (.Values.scalardbCluster.tde.enabled) (eq .Values.scalardbCluster.tde.type "vault") (.Values.scalardbCluster.tde.vault.tls.enabled) }}
- name: scalardb-cluster-tde-vault-tls-volume
{{- if and (.Values.scalardbCluster.encryption.enabled) (eq .Values.scalardbCluster.encryption.type "vault") (.Values.scalardbCluster.encryption.vault.tls.enabled) }}
- name: scalardb-cluster-encryption-vault-tls-volume
secret:
secretName: {{ .Values.scalardbCluster.tde.vault.tls.caRootCertSecret }}
secretName: {{ .Values.scalardbCluster.encryption.vault.tls.caRootCertSecret }}
{{- end }}
{{- with .Values.scalardbCluster.extraVolumes }}
{{- toYaml . | nindent 8 }}
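Review bot: Nothing in these templates rejects the old `scalardbCluster.tde.*` keys, so an upgrade with a values file that still sets `tde.enabled: true` makes every renamed condition evaluate to false, both in all three hunks here (the namespace env var, the Vault CA volume mount and the volume itself) and in the `secrets` rule of the RBAC template. Unless values.schema.json forbids unknown properties (not visible in this commit), the chart renders without error and the pod starts without the CA bundle or the Secret permissions the encryption feature depends on. A guard at the top of the template would make the rename fail loudly: `{{- if .Values.scalardbCluster.tde }}{{ fail "scalardbCluster.tde was renamed to scalardbCluster.encryption" }}{{- end }}`. The new `secretName` line would also benefit from `required`, since an empty `caRootCertSecret` with `vault.tls.enabled: true` renders a volume with no Secret name. The container and volume lists continue outside the visible hunks.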
@@ -7,7 +7,7 @@ rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "watch", "list"]
{{- if and (.Values.scalardbCluster.tde.enabled) (eq .Values.scalardbCluster.tde.type "self") }}
{{- if and (.Values.scalardbCluster.encryption.enabled) (eq .Values.scalardbCluster.encryption.type "self") }}
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "create", "delete"]
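Review bot: The rule gated by the renamed condition grants `get`, `create` and `delete` on every Secret in the release namespace, with no `resourceNames` restriction and no comment explaining the scope. If the Secrets used by the "self" encryption type have predictable names (not visible here), `get` and `delete` could be narrowed with `resourceNames`; `create` cannot be restricted that way. At minimum I would add a comment above the block such as `# Needed when encryption.type is "self"; applies to all Secrets in the release namespace, so deploy into a dedicated namespace.` The rules list continues outside the hunk.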
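--- a/charts/scalardb-cluster/values.schema.json
+++ b/charts/scalardb-cluster/values.schema.json
@@ -71,6 +71,33 @@
 "affinity": {
 "type": "object"
 },
+"encryption": {
+"type": "object",
+"properties": {
+"enabled": {
+"type": "boolean"
+},
+"type": {
+"type": "string"
+},
+"vault": {
+"type": "object",
+"properties": {
+"tls": {
+"type": "object",
+"properties": {
+"caRootCertSecret": {
+"type": "string"
+},
+"enabled": {
+"type": "boolean"
+}
+}
+}
+}
+}
+}
+},
 "extraVolumeMounts": {
 "type": "array"
 },
@@ -289,33 +316,6 @@
 }
 }
 },
-"tde": {
-"type": "object",
-"properties": {
-"enabled": {
-"type": "boolean"
-},
-"type": {
-"type": "string"
-},
-"vault": {
-"type": "object",
-"properties": {
-"tls": {
-"type": "object",
-"properties": {
-"caRootCertSecret": {
-"type": "string"
-},
-"enabled": {
-"type": "boolean"
-}
-}
-}
-}
-}
-}
-},
 "tls": {
 "type": "object",
 "properties": {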
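Review bot: `encryption.type` is declared as a free-form string in the first hunk, while the templates in this commit only act on the exact values `self` and `vault`. A misspelt or differently cased value passes validation and silently skips the Vault CA volume or the `secrets` RBAC rule. If those two, plus the empty default, are the only supported types, constrain the property with `"enum": ["", "self", "vault"]` next to `"type": "string"`.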
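--- a/charts/scalardb-cluster/values.yaml
+++ b/charts/scalardb-cluster/values.yaml
@@ -318,16 +318,16 @@ scalardbCluster:
 # -- Issuer references of cert-manager.
 issuerRef: {}
 
-tde:
-# -- Enable TDE. You must enable TDE when you use the TDE feature of ScalarDB Cluster.
+encryption:
+# -- Enable encryption feature. You must enable encryption when you use the encryption feature of ScalarDB Cluster.
 enabled: false
-# -- Type of TDE. You must set the same value as "scalar.db.cluster.encryption.type" of ScalarDB Cluster.
+# -- Type of encryption. You must set the same value as "scalar.db.cluster.encryption.type" of ScalarDB Cluster.
 type: ""
 # -- Vault specific configurations.
 vault:
 # -- TLS configurations to access from ScalarDB Cluster to Vault by using TLS.
 tls:
 # -- Enable TLS between ScalarDB Cluster and Vault. Note that you must enable the TLS feature on the Vault side.
 enabled: false
-# -- Name of the Secret containing the custom CA root certificate for TLS communication between ScalarDB Cluster and Vault. The certificate file will be mounted under the /tde/vault/tls/certs/ directory in the ScalarDB Cluster pod.
+# -- Name of the Secret containing the custom CA root certificate for TLS communication between ScalarDB Cluster and Vault. The certificate file will be mounted under the /encryption/vault/tls/certs/ directory in the ScalarDB Cluster pod.
 caRootCertSecret: ""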
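Review bot: The `caRootCertSecret` comment now documents `/encryption/vault/tls/certs/` without saying that the mount path moved from `/tde/vault/tls/certs/`. Any ScalarDB Cluster setting that points at the CA file under the old directory would stop resolving after an upgrade, and certificate verification against Vault would presumably fail. I would extend the comment with something like `(before this release: /tde/vault/tls/certs/; update any CA certificate path in your ScalarDB Cluster properties)`. The `scalardbCluster` mapping continues outside the hunk.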
