Decouple burnell "provision container" provision-tls-jwt from autorecovery component

datastax / pulsar-helm-chart

Apache Pulsar Helm chart

Apache License 2.0

46 stars 38 forks source link

Decouple burnell "provision container" provision-tls-jwt from autorecovery component #235

Open lhotari opened 2 years ago

lhotari commented 2 years ago

Currently JWT tokens are provisioned by an init container that is part of the autorecovery component.

https://github.com/datastax/pulsar-helm-chart/blob/16a5b8169b0bb7c48deb1c149aaf4e0a7f185f10/helm-chart-sources/pulsar/templates/autorecovery/autorecovery-deployment.yaml#L168-L189

This should be decoupled since provision-tls-jwt has nothing to do with Bookkeeper autorecovery.

zzzming commented 2 years ago

The reason we added here is because AR is the first pod coming up in the cluster. Private/public key pair need to be created ahead of bastion and other pods initialized. We have have a dedicated pod to initialize keys and JWTs.

michaeljmarshall commented 2 years ago

+1. We should create a separate initialization job that runs when needed.