(This needs to be updated to let a user have Ansible create a secret for them, and they provide the cert/key/caCert)
[MC-545] Introduces a top-level tls
key in the metering charts.
The ansible-operator is configured to automatically generate the necessary certificates and keys so that Presto components, and Presto to reporting-operator can communicate.
The key tls.enabled
is currently defaulted to true, meaning if you wanted to enable TLS yourself you would need to specify tls.enabled: false
in your meteringconfig CR.
apiVersion: metering.openshift.io/v1alpha1
kind: MeteringConfig
metadata:
name: "operator-metering"
spec: {}
The meteringconfig could replace the empty spec (spec: {}
) with your preferred storage option.
What you would need to verify is that the Presto and reporting-operator pods are coming up properly, query Presto, and ensure that reports can be generated:
Query-ing Presto:
kubectl -n $METERING_NAMESPACE exec -it "$(kubectl -n $METERING_NAMESPACE get pods -l app=presto,presto=coordinator -o name | cut -d/ -f2)" -- /usr/local/bin/presto-cli --server https://presto:8080 --catalog hive --schema default --user root --keystore-path /opt/presto/tls/keystore.pem
You would need to run a query too:
show tables;
This should show all the Hive tables. You can either create a report of your choice.
This is like verifying that Presto client-side authentication was enabled properly. We need to create certificates and keys for the root CA, Presto server, and Presto client. Once those certificates are created, you would need to create a secret manually, and reference those secrets in the secretName
field.
Follow: https://gist.github.com/timflannagan1/5b9cd5425eb5c4b85c804f034f7da9ea (I updated the meteringconfig to reflect changes made to schema - let me know if I need to update anything else)