feat: ✨ ♻️ Apply suggested features

Signed-off-by: Javier Salmeron Garcia <[email protected]>

.vib/scylladb/ginkgo/scylladb_suite_test.go

@@ -27,7 +27,7 @@ var (
 
 func init() {
 	flag.StringVar(&kubeconfig, "kubeconfig", "", "absolute path to the kubeconfig file")
-	flag.StringVar(&stsName, "name", "", "name of the primary statefulset")
+	flag.StringVar(&stsName, "name", "", "name of the statefulset")
 	flag.StringVar(&namespace, "namespace", "", "namespace where the application is running")
 	flag.StringVar(&username, "username", "", "database user")
 	flag.StringVar(&password, "password", "", "database password for username")

.vib/scylladb/vib-action.config

@@ -1 +1 @@
-verification-mode=SERIAL
+verification-mode=SERIAL

bitnami/scylladb/Chart.yaml

@@ -6,7 +6,7 @@ annotations:
   licenses: Apache-2.0
   images: |
     - name: scylladb
-      image: docker.io/bitnami/scylladb:4.1.4-debian-12-r12
+      image: docker.io/bitnami/scylladb:5.4.6-debian-12-r12
     - name: os-shell
       image: docker.io/bitnami/os-shell:12-debian-12-r20
 apiVersion: v2
@@ -17,7 +17,7 @@ dependencies:
   tags:
   - bitnami-common
   version: 2.x.x
-description: Apache Scylladb is an open source distributed database management system designed to handle large amounts of data across many servers, providing high availability with no single point of failure.
+description: ScyllaDB is an open-source, distributed NoSQL wide-column data store. Written in C++, it is designed for high throughput and low latency, compatible with Apache Cassandra.
 home: https://bitnami.com
 icon: https://bitnami.com/assets/stacks/scylladb/img/scylladb-stack-220x234.png
 keywords:

bitnami/scylladb/templates/_helpers.tpl

@@ -95,7 +95,7 @@ scylladb: cluster.seedCount
 
 {{/* Validate values of Scylladb - Tls enabled */}}
 {{- define "scylladb.validateValues.tls" -}}
-{{- if and (include "scylladb.tlsEncryption" .) (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) }}
+{{- if and (include "scylladb.tlsEncryptionEnabled" .) (not .Values.tls.autoGenerated.enabled) (not .Values.tls.existingSecret) }}
 scylladb: tls.enabled
     In order to enable TLS, you also need to provide
     an existing secret containing the certificate/keyfile or
@@ -126,16 +126,7 @@ Return  the proper Commit Storage Class
 {{- end -}}
 
 {{/*
-Return true if encryption via TLS for client connections should be configured
-*/}}
-{{- define "scylladb.client.tlsEncryption" -}}
-{{- if .Values.tls.clientEncryption -}}
-    {{- true -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return true if encryption via TLS for internode communication connections should be configured
+Return type of internode communication connections should be configured
 */}}
 {{- define "scylladb.internode.tlsEncryption" -}}
 {{- if (ne .Values.tls.internodeEncryption "none") -}}
@@ -148,8 +139,8 @@ Return true if encryption via TLS for internode communication connections should
 {{/*
 Return true if encryption via TLS should be configured
 */}}
-{{- define "scylladb.tlsEncryption" -}}
-{{- if or (include "scylladb.client.tlsEncryption" . ) ( ne "none" (include "scylladb.internode.tlsEncryption" . )) -}}
+{{- define "scylladb.tlsEncryptionEnabled" -}}
+{{- if or .Values.tls.clientEncryption ( ne "none" (include "scylladb.internode.tlsEncryption" . )) -}}
     {{- true -}}
 {{- end -}}
 {{- end -}}
@@ -159,17 +150,28 @@ Return the Scylladb TLS credentials secret
 */}}
 {{- define "scylladb.tlsSecretName" -}}
 {{- if .Values.tls.existingSecret -}}
-    {{- printf "%s" (tpl .Values.tls.existingSecret $) -}}
+    {{- print (tpl .Values.tls.existingSecret $) -}}
 {{- else -}}
     {{- printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the Scylladb TLS credentials secret
+*/}}
+{{- define "scylladb.tlsCASecretName" -}}
+{{- if .Values.tls.existingCASecret -}}
+    {{- print (tpl .Values.tls.existingCASecret $) -}}
+{{- else -}}
+    {{- printf "%s-ca-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return true if a TLS credentials secret object should be created
 */}}
 {{- define "scylladb.createTlsSecret" -}}
-{{- if and (include "scylladb.tlsEncryption" .) .Values.tls.autoGenerated (not .Values.tls.existingSecret)  }}
+{{- if and (include "scylladb.tlsEncryptionEnabled" .) .Values.tls.autoGenerated.enabled (not .Values.tls.existingSecret)  }}
     {{- true -}}
 {{- end -}}
 {{- end -}}
@@ -179,7 +181,7 @@ Return the path to the cert file.
 */}}
 {{- define "scylladb.tlsCert" -}}
 {{- if (include "scylladb.createTlsSecret" . ) -}}
-    {{- printf "/bitnami/scylladb/certs/%s" "tls.crt" -}}
+    {{- printf "/bitnami/scylladb/cert/%s" "tls.crt" -}}
 {{- else -}}
     {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/bitnami/scylladb/certs/%s" -}}
 {{- end -}}
@@ -190,7 +192,7 @@ Return the path to the cert key file.
 */}}
 {{- define "scylladb.tlsCertKey" -}}
 {{- if (include "scylladb.createTlsSecret" . ) -}}
-    {{- printf "/bitnami/scylladb/certs/%s" "tls.key" -}}
+    {{- printf "/bitnami/scylladb/cert/%s" "tls.key" -}}
 {{- else -}}
     {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/bitnami/scylladb/certs/%s" -}}
 {{- end -}}
@@ -201,9 +203,9 @@ Return the path to the CA cert file.
 */}}
 {{- define "scylladb.tlsCACert" -}}
 {{- if (include "scylladb.createTlsSecret" . ) -}}
-    {{- printf "/bitnami/scylladb/certs/%s" "ca.crt" -}}
+    {{- printf "/bitnami/scylladb/ca/%s" "tls.crt" -}}
 {{- else if .Values.tls.certCAFilename -}}
-    {{- printf "/bitnami/scylladb/certs/%s" .Values.tls.certCAFilename -}}
+    {{- printf "/bitnami/scylladb/ca/%s" .Values.tls.certCAFilename -}}
 {{- end -}}
 {{- end -}}
 

bitnami/scylladb/templates/ca-cert.yaml

@@ -0,0 +1,56 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "scylladb.tlsEncryptionEnabled" .) .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "cert-manager") }}
+{{- if empty .Values.tls.autoGenerated.certManager.existingIssuer }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ printf "%s-clusterissuer" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  selfSigned: {}
+---
+{{- end }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+  commonName: {{ printf "%s-ca" (include "common.names.fullname" .) }}
+  isCA: true
+  issuerRef:
+    name: {{ default (printf "%s-clusterissuer" (include "common.names.fullname" .)) .Values.tls.autoGenerated.certManager.existingIssuer }}
+    kind: {{ default "Issuer" .Values.tls.autoGenerated.certManager.existingIssuerKind }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  ca:
+    secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+{{- end }}

bitnami/scylladb/templates/cert.yaml

@@ -0,0 +1,44 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "scylladb.tlsEncryptionEnabled" .) .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-crt" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-crt" (include "common.names.fullname" .) }}
+  commonName: {{ printf "%s.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+  issuerRef:
+    name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+    kind: Issuer
+  subject:
+    organizations:
+      - "ScyllaDB"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ include "common.names.fullname" . }}'
+    - '*.{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ printf "%s-headless" (include "common.names.fullname" .) }}'
+    - '*.{{ printf "%s-headless" (include "common.names.fullname" .) }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ printf "%s-headless" (include "common.names.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ printf "%s-headless" (include "common.names.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.tls.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.tls.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.tls.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.tls.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/scylladb/templates/client-cert.yaml

@@ -0,0 +1,36 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "scylladb.tlsEncryptionEnabled" .) .Values.tls.autoGenerated.enabled (eq .Values.tls.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-client-crt" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-client-crt" (include "common.names.fullname" .) }}
+  commonName: {{ printf "%s-client" (include "common.names.fullname" .) }}
+  issuerRef:
+    name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+    kind: Issuer
+  subject:
+    organizations:
+      - "ScyllaDB"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.tls.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.tls.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.tls.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.tls.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/scylladb/templates/headless-svc.yaml

@@ -36,3 +36,5 @@ spec:
       targetPort: cql
   {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
   selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb

bitnami/scylladb/templates/hpa.yaml

@@ -0,0 +1,50 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.autoscaling.hpa.enabled  }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/part-of: scylladb
+    app.kubernetes.io/component: scylladb
+  {{- if or .Values.autoscaling.hpa.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.autoscaling.hpa.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.autoscaling.hpa.behavior }}
+  behavior:
+    {{- toYaml .Values.autoscaling.hpa.behavior | nindent 4 }}
+  {{- end }}
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: StatefulSet
+    name: {{ include "common.names.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.hpa.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.hpa.maxReplicas }}
+  metrics:
+  {{- if .Values.autoscaling.hpa.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ .Values.autoscaling.hpa.targetCPUUtilizationPercentage }}
+          type: Utilization
+  {{- end }}
+  {{- if .Values.autoscaling.hpa.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ .Values.autoscaling.hpa.targetMemoryUtilizationPercentage }}
+          type: Utilization
+  {{- end }}
+  {{- if .Values.autoscaling.hpa.customRules -}}
+    {{- toYaml .Values.autoscaling.hpa.customRules | nindent 4}}
+  {{- end -}}
+{{- end }}

bitnami/scylladb/templates/pdb.yaml

@@ -25,4 +25,6 @@ spec:
   {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/part-of: scylladb
+      app.kubernetes.io/component: scylladb
 {{- end }}

bitnami/scylladb/templates/secret.yaml

@@ -22,4 +22,4 @@ data:
   {{- else }}
   scylladb-password: {{ required "A password is required!" .Values.dbUser.password | b64enc | quote }}
   {{- end }}
-{{ end }}
+{{- end }}